Do you have a WordPress install with “admin” as the administrative username? If your answer is yes, then I suggest changing the admin username to anything other than “admin”. There is reportedly a large botnet (90,000+) attempting a brute-force, dictionary-based attack. It seems the hackers are trying to gain administrative login credentials to take control of servers to strengthen their botnet. CAM Web Design (my company) went through all our sites, changing any “admin” usernames. Thankfully, there were not many that required this change; we have used a more creative administrative username for a few years now, following some advice we’ve read in the past.
HostGator is reporting:
“…a well-organized and very distributed attack. The company believes that about 90,000 IP addresses are currently involved…”
CloudFlare’s CEO Matthew Prince thinks:
“…the hackers control about 100,000 bots…and CloudFlare saw attacks on virtually every WordPress site on its network…”
We used the admin-username-changer WordPress plugin to change our “admin” username. Log into your WordPress install using your “admin” account, then locate and install the admin-username-changer plugin. Once activated, the plugin creates a user’s menu icon; clicking it brings up an option to change the currently logged-in username. Simply change the current “admin” username to anything you prefer, and you’re done! One caveat: if your “admin” user is a multi-site super-user, be sure to create another multi-site super-user first. Changing a multi-site super-user’s username with this plugin removes its super-user abilities, so you’ll need to reinstate your new administrative user as a multi-site super-user.
We also suggest that you don’t post with the Admin username (whatever it may be), or at least use a nickname for the admin when posting. If you use the same username when posting, the hackers need only figure out your password, since you’ve already given them the username through your posts.
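To check a site against both pieces of advice above, here is an added example (not part of the original post or the plugin) that audits administrator accounts. It assumes WP-CLI is available and parses the CSV printed by `wp user list --role=administrator --fields=ID,user_login,display_name --format=csv`; the sample rows and the finding labels are constructed for illustration.

```python
import csv
import io

# Constructed sample of the CSV that
#   wp user list --role=administrator --fields=ID,user_login,display_name --format=csv
# prints. None of these accounts come from the original post.
SAMPLE_CSV = """ID,user_login,display_name
1,admin,admin
2,cam_ops_7,cam_ops_7
3,k3stone,Kim
4,siteboss,SiteBoss
"""


def audit_admins(csv_text):
    """Return {user_login: [findings]} for administrators that break the advice above.

    default-username      -> the login is literally "admin" (any letter case)
    login-shown-on-posts  -> the public display name is the login itself, so
                             every post byline gives away half of the credentials
    """
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        login = row["user_login"].strip()
        shown = row["display_name"].strip()
        issues = []
        if login.lower() == "admin":
            issues.append("default-username")
        # Compare case-insensitively: "SiteBoss" still reveals "siteboss".
        if shown.lower() == login.lower():
            issues.append("login-shown-on-posts")
        if issues:
            findings[login] = issues
    return findings


if __name__ == "__main__":
    for login, issues in audit_admins(SAMPLE_CSV).items():
        print(f"{login}: {', '.join(issues)}")
```

An account flagged `default-username` needs the rename described earlier; one flagged `login-shown-on-posts` only needs a different display name (nickname) in its profile.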
Read more of the details on TechCrunch’s website.