The botnets are attempting to use the username admin – a default username in WordPress – and a series of password guesses to access sites.
What WordPress websites are at risk of botnet attacks?
- Those which have a username of admin with administrator settings AND which have a weak password.
Quick and Dirty Fix to WordPress website botnet attacks
- The quick and dirty fix is to change the password of the admin user from a weak password to a strong password – using a mix of letters, numbers and other characters should achieve this.
Full Solution to WordPress website botnet attacks
- This involves creating a new user to use as site administrator and then carefully deleting the admin user.
- I’d suggest exporting your content before doing this – just to be on the safe side – using Dashboard/Tools/Export.
- Create a new user with a strong password – it will tell you the strength as you type the password – and set the role as Administrator.
- Make sure you either know the password for this user or make a note of it.
- If already logged in as admin, log out and log in with this new user.
- CAUTION: Delete the admin user – making sure you ‘Attribute all posts to’ the new user first – otherwise you’ll lose your posts.
- The users list will then show the updated list of users, including the new user you created and no admin user.