(You may view this article also at http://Zeonhost.com/support_articles/wordpress_security_April_2013.php)

Dear ${account.ci.first_name},

If you use Wordpress for your website, please read the following important message. If you aren't sure if you use Wordpress, please see this page)

There has been a concerted effort by groups of hackers worldwide to break into Wordpress sites and use them to distribute spam and/or make attacks on other servers. According to researchers, unnamed attackers “are using more than 90,000 IP addresses to brute-force crack administrative credentials of vulnerable WordPress systems, researchers from at least three Web hosting services reported. At least one company warned that the attackers may be in the process of building a “botnet” of infected computers that’s vastly stronger and more destructive than those available today.”

We have been taking steps to prevent these break-ins, but there are some steps that require action on your part.

Steps we suggest you take immediately:

  1. If you use the ‘admin’ login, remove it. This default username is the one that is being targeted in the attacks. Create a new account with administrative rights, then delete the ‘admin’ account. Then log back in as the new user and delete the old admin account and assign all of the posts in that account to the new user.
  2. Update your administrative password to something more difficult. A secure password is a mix of at least eight upper and lowercase letters, numbers and ‘special’ characters (^%$#@*)!

Additional safeguards to consider:

  1. Update WordPress: Many hackers exploit holes that have been identified in older versions of WordPress, so keeping your install up to date is another easy way to avoid trouble, though this is not as immediately relevant as the above two action items.
  2. Install A Security Plugin: Using something like the Better WP Security plugin is probably a good idea in general, it won’t do anywhere as much in this case as the suggestions higher up the list. To limit login attempts, also consider this plug-in.

Please note, if you cannot log in to your Wordpress site, it is possible our server may have temporarily 'locked' your login due to attack attempts. Generally the login access is restored automatically within 4 hours.

Sincerely,

Support Staff
Zeonhost Hosting
www.Zeonhost.com


Zeonhost Inc.
1801 Wynkoop St, Suite 707
Denver CO 80202