More than 90,000 WordPress sites have been affected by a massive hacker attack that could aim at creating the biggest, most aggressive botnet ever seen. The attack is based on brute force attempts to guess the password, according to several web hosting services that reported the threat.

The source of the attack has not yet been identified. The hackers are using a program that tries to guess the targeted WordPress blog’s authentication credentials by cycling through the most common 1,000 usernames and passwords. This is a very efficient method to breach those systems that still use the WordPress default login data or other easy to guess passcodes, such as “admin” or “1234.”

WordPress Facing Massive Botnet Attack

What is a botnet?

Once the blog is breeched it is drafter into what is known as a botnet: a network of compromised systems that can be used in various online attacks and may be especially valuable for denial-of-service types of attacks.

Although access to individual blogs is not likely to be very useful for any hacker, a mega network of over 90,000 IPs is likely to cause some serious trouble if used for online fraud attempts or other cyber crime purposes.

How to stay safe

There are some simple steps you can take to keep your WordPress site safe from being compromised by this hack. The first and most important is to change your username and password if you’re still using the default admin credentials or some of the most common used authentication codes.

Also make sure to avoid using obvious usernames and passwords. The best authentication codes, as you may already know, are based on a combination of at least eight characters which include numbers, special characters and letters, both upper and lower case. Another option you have is to use two-factor authentication methods to verify that whoever tries to access your site is human, not a machine.

By following these recommendations and keeping WordPress constantly updated you can help your blog withstand some of the most commonly used hacking methods and keep your online data safe from cyber criminals.

[Image via metanoodle]