{"id":13659,"date":"2013-04-15T11:50:06","date_gmt":"2013-04-15T18:50:06","guid":{"rendered":"http:\/\/www.intego.com\/mac-security-blog\/?p=13659"},"modified":"2013-04-17T09:22:08","modified_gmt":"2013-04-17T16:22:08","slug":"wordpress-sites-hit-by-dictionary-attack","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/wordpress-sites-hit-by-dictionary-attack\/","title":{"rendered":"WordPress Sites Hit By Dictionary Attack"},"content":{"rendered":"

\"\"<\/p>\n

Using\u00a0really lame passwords<\/a>\u00a0for your online accounts is dangerous, but unfortunately many Internet users still fall into the bad habit of using weak, easy-to-guess passwords for their accounts. They don’t learn to use stronger passwords that are more difficult to crack until they’ve learned the hard way by having their accounts hacked or compromised. Lately WordPress users may be receiving some of this tough “come up with a stronger password” love, as there’s a new WordPress attack that focuses on taking advantage of folks who use weak passwords.<\/p>\n

The latest WordPress attack<\/a>\u00a0is using tens of thousands of infected users’ machines to attack WordPress sites. The attack commands infected users’ machines to go through a dictionary of common, possible passwords to try to log into accounts with the default username “Admin.”<\/p>\n

There are a few good ways to improve your security to avoid having your WordPress site commandeered by these attackers:<\/p>\n

1. Create an Administrator Account with a Different Username<\/h3>\n

You need to have an administrator account so you can take care of all the various administrative functions on your blog, but it doesn’t have to have the name “Admin.” Once you create a second administrator account, you can delete the default “Admin” account.<\/p>\n

2. Use a Strong Password<\/h3>\n

A password is only as useful as it is strong and unique. This attack is what that concept is all about. Make sure you use a strong password. If you need help coming up with one, check out our post giving 4 tips for creating secure passwords<\/a>.<\/p>\n

3. Implement 2-Step Authentication<\/h3>\n

Having a second step in the authentication process with stop this attack cold. WordPress is now offering two-factor authentication<\/a>, so implement it now if you haven’t already.<\/p>\n

This incident gives a pretty good view into the fact that most folks don’t have much by way of security in place on their digital property. By making a few small adjustments, you can put yourself out of the realm of easy pickings, and thus avoid many attacks.<\/p>\n","protected":false},"excerpt":{"rendered":"

Using\u00a0really lame passwords\u00a0for your online accounts is dangerous, but unfortunately many Internet users still fall into the bad habit of using weak, easy-to-guess passwords for their accounts. They don’t learn to use stronger passwords that are more difficult to crack until they’ve learned the hard way by having their accounts hacked or compromised. Lately WordPress […]<\/p>\n","protected":false},"author":6,"featured_media":13437,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[353,347],"class_list":["post-13659","post","type-post","status-publish","format-standard","has-post-thumbnail","category-security-news","tag-password-security","tag-wordpress"],"yoast_head":"\nWordPress Sites Hit By Dictionary Attack - The Mac Security Blog<\/title>\n<meta name=\"description\" content=\"Using\u00a0really lame passwords\u00a0for your online accounts is dangerous, but unfortunately many Internet users still fall into the bad habit of using weak,\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.intego.com\/mac-security-blog\/wordpress-sites-hit-by-dictionary-attack\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"WordPress Sites Hit By Dictionary Attack - The Mac Security Blog\" \/>\n<meta property=\"og:description\" content=\"Using\u00a0really lame passwords\u00a0for your online accounts is dangerous, but unfortunately many Internet users still fall into the bad habit of using weak,\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.intego.com\/mac-security-blog\/wordpress-sites-hit-by-dictionary-attack\/\" \/>\n<meta property=\"og:site_name\" content=\"The Mac Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2013-04-15T18:50:06+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2013-04-17T16:22:08+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2013\/04\/wordpress-thumb.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"400\" \/>\n\t<meta property=\"og:image:height\" content=\"260\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Lysa Myers\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Lysa Myers\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/wordpress-sites-hit-by-dictionary-attack\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/wordpress-sites-hit-by-dictionary-attack\\\/\"},\"author\":{\"name\":\"Lysa Myers\",\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/#\\\/schema\\\/person\\\/12b11624d5a648c576d8dce6f93b230a\"},\"headline\":\"WordPress Sites Hit By Dictionary Attack\",\"datePublished\":\"2013-04-15T18:50:06+00:00\",\"dateModified\":\"2013-04-17T16:22:08+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/wordpress-sites-hit-by-dictionary-attack\\\/\"},\"wordCount\":344,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/wordpress-sites-hit-by-dictionary-attack\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/wp-content\\\/uploads\\\/2013\\\/04\\\/wordpress-thumb.jpg\",\"keywords\":[\"Password Security\",\"WordPress\"],\"articleSection\":[\"Security News\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/wordpress-sites-hit-by-dictionary-attack\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/wordpress-sites-hit-by-dictionary-attack\\\/\",\"url\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/wordpress-sites-hit-by-dictionary-attack\\\/\",\"name\":\"WordPress Sites Hit By Dictionary Attack - The Mac Security Blog\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/wordpress-sites-hit-by-dictionary-attack\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/wordpress-sites-hit-by-dictionary-attack\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/wp-content\\\/uploads\\\/2013\\\/04\\\/wordpress-thumb.jpg\",\"datePublished\":\"2013-04-15T18:50:06+00:00\",\"dateModified\":\"2013-04-17T16:22:08+00:00\",\"description\":\"Using\u00a0really lame passwords\u00a0for your online accounts is dangerous, but unfortunately many Internet users still fall into the bad habit of using weak,\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/wordpress-sites-hit-by-dictionary-attack\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/wordpress-sites-hit-by-dictionary-attack\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/wordpress-sites-hit-by-dictionary-attack\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/wp-content\\\/uploads\\\/2013\\\/04\\\/wordpress-thumb.jpg\",\"contentUrl\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/wp-content\\\/uploads\\\/2013\\\/04\\\/wordpress-thumb.jpg\",\"width\":\"400\",\"height\":\"260\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/wordpress-sites-hit-by-dictionary-attack\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"WordPress Sites Hit By Dictionary Attack\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/#website\",\"url\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/\",\"name\":\"The Mac Security Blog\",\"description\":\"Keep Macs safe from the dangers of the Internet\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/#organization\",\"name\":\"Intego\",\"url\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/wp-content\\\/uploads\\\/2022\\\/10\\\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"contentUrl\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/wp-content\\\/uploads\\\/2022\\\/10\\\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"width\":875,\"height\":875,\"caption\":\"Intego\"},\"image\":{\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/#\\\/schema\\\/person\\\/12b11624d5a648c576d8dce6f93b230a\",\"name\":\"Lysa Myers\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/a244278f35cc41c7ec676b36673dee0464ed8c7ceafb1ff484fdf13a916d126c?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/a244278f35cc41c7ec676b36673dee0464ed8c7ceafb1ff484fdf13a916d126c?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/a244278f35cc41c7ec676b36673dee0464ed8c7ceafb1ff484fdf13a916d126c?s=96&d=mm&r=g\",\"caption\":\"Lysa Myers\"},\"url\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/author\\\/lysam\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"WordPress Sites Hit By Dictionary Attack - The Mac Security Blog","description":"Using\u00a0really lame passwords\u00a0for your online accounts is dangerous, but unfortunately many Internet users still fall into the bad habit of using weak,","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.intego.com\/mac-security-blog\/wordpress-sites-hit-by-dictionary-attack\/","og_locale":"en_US","og_type":"article","og_title":"WordPress Sites Hit By Dictionary Attack - The Mac Security Blog","og_description":"Using\u00a0really lame passwords\u00a0for your online accounts is dangerous, but unfortunately many Internet users still fall into the bad habit of using weak,","og_url":"https:\/\/www.intego.com\/mac-security-blog\/wordpress-sites-hit-by-dictionary-attack\/","og_site_name":"The Mac Security Blog","article_published_time":"2013-04-15T18:50:06+00:00","article_modified_time":"2013-04-17T16:22:08+00:00","og_image":[{"width":400,"height":260,"url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2013\/04\/wordpress-thumb.jpg","type":"image\/jpeg"}],"author":"Lysa Myers","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Lysa Myers","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.intego.com\/mac-security-blog\/wordpress-sites-hit-by-dictionary-attack\/#article","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/wordpress-sites-hit-by-dictionary-attack\/"},"author":{"name":"Lysa Myers","@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/12b11624d5a648c576d8dce6f93b230a"},"headline":"WordPress Sites Hit By Dictionary Attack","datePublished":"2013-04-15T18:50:06+00:00","dateModified":"2013-04-17T16:22:08+00:00","mainEntityOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/wordpress-sites-hit-by-dictionary-attack\/"},"wordCount":344,"commentCount":0,"publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/wordpress-sites-hit-by-dictionary-attack\/#primaryimage"},"thumbnailUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2013\/04\/wordpress-thumb.jpg","keywords":["Password Security","WordPress"],"articleSection":["Security News"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.intego.com\/mac-security-blog\/wordpress-sites-hit-by-dictionary-attack\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.intego.com\/mac-security-blog\/wordpress-sites-hit-by-dictionary-attack\/","url":"https:\/\/www.intego.com\/mac-security-blog\/wordpress-sites-hit-by-dictionary-attack\/","name":"WordPress Sites Hit By Dictionary Attack - The Mac Security Blog","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/wordpress-sites-hit-by-dictionary-attack\/#primaryimage"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/wordpress-sites-hit-by-dictionary-attack\/#primaryimage"},"thumbnailUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2013\/04\/wordpress-thumb.jpg","datePublished":"2013-04-15T18:50:06+00:00","dateModified":"2013-04-17T16:22:08+00:00","description":"Using\u00a0really lame passwords\u00a0for your online accounts is dangerous, but unfortunately many Internet users still fall into the bad habit of using weak,","breadcrumb":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/wordpress-sites-hit-by-dictionary-attack\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.intego.com\/mac-security-blog\/wordpress-sites-hit-by-dictionary-attack\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.intego.com\/mac-security-blog\/wordpress-sites-hit-by-dictionary-attack\/#primaryimage","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2013\/04\/wordpress-thumb.jpg","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2013\/04\/wordpress-thumb.jpg","width":"400","height":"260"},{"@type":"BreadcrumbList","@id":"https:\/\/www.intego.com\/mac-security-blog\/wordpress-sites-hit-by-dictionary-attack\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.intego.com\/mac-security-blog\/"},{"@type":"ListItem","position":2,"name":"WordPress Sites Hit By Dictionary Attack"}]},{"@type":"WebSite","@id":"https:\/\/www.intego.com\/mac-security-blog\/#website","url":"https:\/\/www.intego.com\/mac-security-blog\/","name":"The Mac Security Blog","description":"Keep Macs safe from the dangers of the Internet","publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization","name":"Intego","url":"https:\/\/www.intego.com\/mac-security-blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","width":875,"height":875,"caption":"Intego"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/12b11624d5a648c576d8dce6f93b230a","name":"Lysa Myers","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/a244278f35cc41c7ec676b36673dee0464ed8c7ceafb1ff484fdf13a916d126c?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/a244278f35cc41c7ec676b36673dee0464ed8c7ceafb1ff484fdf13a916d126c?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/a244278f35cc41c7ec676b36673dee0464ed8c7ceafb1ff484fdf13a916d126c?s=96&d=mm&r=g","caption":"Lysa Myers"},"url":"https:\/\/www.intego.com\/mac-security-blog\/author\/lysam\/"}]}},"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/www.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/13659","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/comments?post=13659"}],"version-history":[{"count":8,"href":"https:\/\/www.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/13659\/revisions"}],"predecessor-version":[{"id":13673,"href":"https:\/\/www.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/13659\/revisions\/13673"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media\/13437"}],"wp:attachment":[{"href":"https:\/\/www.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media?parent=13659"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/categories?post=13659"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/tags?post=13659"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}