Alert: Hackers attack 90000 WordPress blogs in last one week!

Purnendu
from Pune
11 years ago

The attacks began last week, and have affected more than 90,000 blogs so far. The hackers behind the attacks have combed through WordPress accounts and attempted to guess passwords via brute force.

Read the complete news here:

http://mashable.com/2013/04/15/hackers-wordpress-blogs/?utm_medium=email&utm_source=newsletter

Purnendu
from Pune
11 years ago

If you are running a WordPress site, I would request you to boost your security. Please do the following:

1. Make your password stronger

2. If you are using the generic 'admin' username, please change it to a more complicated and difficult-to-guess name. You can do this with the following plugin: Admin username changer

3. You can also use security plugins. I have been using Stop Spammer Registrations Plugin. If you are using BuddyPress, then it is even better to use this.

4. Try to find a way to have two levels of security. 

Purnendu
from Pune
11 years ago

It's only for WordPress.com :(

Will need to find something for self-hosted ones.

Purnendu
from Pune
11 years ago

Also, please make a backup of your blogs ASAP. If everything fails, these backups will save the day. The attacks continue and are spreading.

Anunoy Samanta
from Bardhaman
11 years ago

Can I have a backup of my Blogspot blogs? How?

Dhaval Thakur
from Chennai
11 years ago

For blogspot.com blogs, go to Settings and then click on Export blog.

Anunoy Samanta
from Bardhaman
11 years ago

Thanks Thakur :)

Purnendu
from Pune
11 years ago

A note: For self-hosted WordPress, merely taking an export might not be enough. A backup from cPanel and the database will be a good idea. Am running mine just now.

Aditya Dey
from Kolkata
11 years ago

Yup, absolutely right... precaution is always a good idea...

Hmmm
from Nainital
11 years ago

It is really a freaking news for all the bloggers who have given the big part of their whole day in writing interesting blogs one after the other. I wish all the bloggers will benefit from the article you have mentioned. After all, 'Prevention is always better than a cure (sometimes completely unavailable)'.

Chaitanya Kulkarni
from Mumbai
11 years ago

Set a difficult password and delete the login page itself.

There are tons of tools to bulk hack; it's pretty usual on the scene.

WP may not always have a vulnerability, but the plugins/themes you use can have.

Wordfence is a good solution

Cheers!

Purnendu
from Pune
11 years ago

Very true. Actually many hacks usually happen due to plugins.

BTW, how to delete the login page? How do we log in if it is not there?

Animesh
from Mumbai
11 years ago

How do you delete the login page? And then how do you log in yourself?

Chaitanya Kulkarni
from Mumbai
11 years ago

Whenever you want to log in, just upload the login page and log in, lol.

Delete login page from FTP, how else?

And if you are using Blogspot or any other such service, just have a long and strong password, that's it.

Animesh
from Mumbai
11 years ago

I agree Chaitanya. Wordfence is amazing. I have it on one of my blogs and it helps a lot.

Yesterday only, I typed the wrong password by mistake, that too 5 times, and it locked the login and I could unlock it only via my own mailbox. This is a good plugin for such attacks.
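
The pattern discussed in this thread (repeated password guesses against the WordPress login page, and a lockout after 5 wrong attempts) can also be spotted in the web server's access log. The following is an added example, not part of the thread and not any plugin's code; it assumes combined-format access logs and that a failed login is a POST to wp-login.php answered with 200, and the function name, threshold, window and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def find_bruteforce_ips(log_text, max_failures=5, window=timedelta(minutes=10)):
    """Map each IP to the time it reached max_failures failed logins within window."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failed logins
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue              # not a combined-format line
        path = m["path"].split("?", 1)[0]
        # Assumption: a POST to wp-login.php answered with 200 is a failed
        # login (the form is shown again); a successful login redirects (302).
        if (m["method"], m["status"]) != ("POST", "200") or not path.endswith("/wp-login.php"):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop failures that fell out of the window
            q.popleft()
        if len(q) >= max_failures:
            flagged.setdefault(m["ip"], ts)
    return flagged

# Constructed sample log (documentation IP ranges, not real traffic).
def _line(ip, hms, method="POST", status=200):
    return (f'{ip} - - [15/Apr/2013:{hms} +0000] '
            f'"{method} /wp-login.php HTTP/1.1" {status} 3456 "-" "-"')

SAMPLE_LOG = "\n".join(sorted(
    [_line("203.0.113.7", f"10:00:{s:02d}") for s in (1, 3, 5, 7, 9, 11)]      # rapid guessing
    + [_line("192.0.2.50", f"10:{m:02d}:00") for m in (0, 12, 24, 36, 48)]     # slow, spread out
    + [_line("198.51.100.20", "10:00:06"), _line("198.51.100.20", "10:00:20", status=302),
       _line("198.51.100.20", "10:00:02", method="GET")],                      # owner's typo, then success
    key=lambda l: l.split("[", 1)[1][:20]))

if __name__ == "__main__":
    for ip, when in find_bruteforce_ips(SAMPLE_LOG).items():
        print(f"{ip} reached 5 failed logins at {when.isoformat()}")
```

With the default 10-minute window only the rapid guesser is reported; widening the window also catches the slow, spread-out attempts, at the cost of flagging forgetful legitimate users more often.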

Purnendu
from Pune
11 years ago

One more point: If you feel your site has been compromised, do not forget to run a malware check on your website. Search engines usually ban sites with malware on them.

A few I found on the net are:

http://siteinspector.comodo.com/

http://wordpress.org/extend/plugins/sucuri-scanner/

http://www.unmaskparasites.com/ 

https://www.symantec.com/verisign/trust-seal?inid=vrsn_symc_ssl_SmallBiz

The Nameless One
from Mumbai
11 years ago

Although I was aware of it the moment it broke out, I never got such an email from WP. Was it only at self-hosted ones?

Purnendu
from Pune
11 years ago

I guess it has been happening for both self-hosted and general WP.com sites.

Abinodh O.T
from Pathanamthitta
11 years ago

My blog was DDoS attacked...

Luckily my hosting company shut down its servers fast.. :-)

Purnendu
from Pune
11 years ago

What actually happened when it was under attack? You were not able to log in?

