After a little investigation based on the information in the previous post, I found that these “zombie” attacks on WordPress sites are relatively common. What is happening in most cases is that a rogue robot computer randomly tries to log in to a WordPress site under the username “admin”, which is the default that WordPress uses when one first sets up an account. Since most people just go with the default, it is a very common username. The robot tries to log in repeatedly, trying hundreds of different passwords to break in. When they do break in, they can steal information and wreak havoc with your site.
There are three easy steps you can take to protect yourself:
- Create a new administrator under a unique name. Delete the “admin” username.
- Install a plugin that limits the number of consecutive login attempts. (Search “Limit Logins” under Plug-ins at wordpress.org.)
- Update all other plug-ins to take advantage of new security features.
I have implemented these steps with my sites and plan to make this my default way of working in the future.