An industrial sized botnet with almost 100,000 IP addresses has been used over the last week to attack tens of thousands of WordPress websites.
The attack comes just weeks after WordPress announced the introduction of two factor authentication as an enhanced security feature. The botnet attacked the default ‘admin’ username that many users fail to change instantly. The botnet then attempted to access the sites using thousands of potential passwords in the hope of a hit.
An attack of this scale can cause huge amounts of damage using Distributed Denial of Service (DDoS) techniques, and have the ability to generate phenomenal volumes of web traffic. There are fears from experts that this occurrence is a base for a much larger attack on the online world.
All WordPress users are advised to change their user names and adopt a two factor authentication process in order to keep their site fully secure.