I know it don’t thrill you…

Here comes another working week, bearing down on us as inexorably as a runaway freight train on tracks we can’t escape. Lie flat and still, kiddies, because if you lift your head up it’ll get knocked clean off.

Someone’s having a fine time this morning trying to crack WordPress installations. My inbox is blowing up with notices of failed logins from all over the place — on different sites, and with remote hosts all over the globe. How fun! The Voidpress blows dirty old goats, security-wise, and it wasn’t all that long ago that hundreds of thousands of WP installations were cracked wide open by a distributed attack. The news about this one might be interesting, when it breaks. If you’ve got a WP installation somewhere that has any of the following user names, assign the administrator rights to some other user and delete the account(s) listed below:

  • admin
  • adm (actually anything beginning with these three letters)
  • administrator
  • aaa (started appearing a few hours ago)
  • test
  • user
  • qwerty
  • root
  • sysadmin
  • manager
  • support

I know it don’t thrill you I hope it don’t kill you…

UPDATE: It appears that the list of attempted user names is growing, so the hot ticket would be to delete any account that’s using a role name (e.g. Administrator) rather than a personal name.
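Two checks a site owner can run to act on the advice above, written here as an added example (not code from the post): flag WordPress accounts whose user name is a role name (the post's list, plus anything beginning with "adm"), noting when administrator rights must first be handed to a personal account, and summarise a batch of failed-login notices by tried user name and number of distinct remote hosts. The notice line format and the sample lines are constructed for the example.

```python
import re
from collections import Counter, defaultdict

# Role-style user names from the post's list; the UPDATE extends this to any
# name that is a role rather than a person, and "adm*" is matched by prefix.
ROLE_NAMES = {"admin", "administrator", "aaa", "test", "user", "qwerty",
              "root", "sysadmin", "manager", "support"}
ROLE_PREFIXES = ("adm",)

def is_role_name(username):
    """True when a WP user name looks like a role instead of a person."""
    u = username.strip().lower()
    return u in ROLE_NAMES or u.startswith(ROLE_PREFIXES)

def accounts_to_retire(users):
    """users: (username, wp_role) pairs. Returns (username, wp_role, needs_handoff)
    for every role-named account; needs_handoff is True when it is an
    administrator and no personally named administrator exists yet."""
    personal_admins = [u for u, r in users
                       if r == "administrator" and not is_role_name(u)]
    return [(u, r, r == "administrator" and not personal_admins)
            for u, r in users if is_role_name(u)]

# Constructed notice format (assumed, not any plugin's real output).
NOTICE_RE = re.compile(
    r"failed login for user '(?P<user>[^']+)' from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})")

def summarize_failed_logins(lines):
    """Per tried user name: attempt count, distinct source hosts, role-name flag.
    Many hosts hammering one role name is the distributed pattern described."""
    attempts, hosts = Counter(), defaultdict(set)
    for line in lines:
        m = NOTICE_RE.search(line)
        if m:                      # lines that are not notices are skipped
            attempts[m["user"]] += 1
            hosts[m["user"]].add(m["ip"])
    return {u: {"attempts": n, "hosts": len(hosts[u]), "role_name": is_role_name(u)}
            for u, n in attempts.items()}

# Constructed sample notices using documentation IP ranges.
SAMPLE_NOTICES = [
    "06:02:11 failed login for user 'admin' from 203.0.113.5 on example.org",
    "06:02:14 failed login for user 'admin' from 198.51.100.7 on example.org",
    "06:02:20 failed login for user 'admin' from 192.0.2.9 on example.net",
    "06:03:01 failed login for user 'aaa' from 203.0.113.5 on example.net",
    "06:03:40 failed login for user 'jane.doe' from 192.0.2.9 on example.org",
    "06:04:00 plugin updated on example.org",
]

if __name__ == "__main__":
    print(accounts_to_retire([("admin", "administrator"), ("jane.doe", "editor")]))
    print(summarize_failed_logins(SAMPLE_NOTICES))
```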


3 thoughts on “I know it don’t thrill you…”

  1. Tracy

    Hmmm, my WordPress account does not allow deletion of the admin username even when another name has been given admin rights. Rude.
    We occasionally deal with people trying to break in to our customers’ systems, usually brute force attacks, and it becomes like a sporting event in the office watching the ups and downs.
    Enjoy.

  2. Tracy

    You know, after I typed that comment and hit post I did the SMH and realized I had been trying to delete ADMIN while logged in as ADMIN. There is a reason my job is to just fill out the paperwork and make sure the actual techs are doing their job. doh.

    1. happierheathen Post author

      Kinda weird how that works, eh? 😀

      I don’t sweat these kinds of attacks on the WP installations I’m involved with as I’ve got Wordfence on every one of them and have got my clients convinced to use strong passwords and no role accounts. There’s not an admin or a webmaster or a root anywhere in the WP users tables. Good thing, too, since I switched off the email reporting after receiving nearly 7,000 messages. They’re persistent, those darn bots are.
