WordPress Security

Dear Society for Medical Anthropology Blog Visitors,

You may have heard that there is a botnet or brute-force attack against WordPress and Joomla sites. In this type of attack, a computer program visits WordPress and Joomla sites and attempts to log in using the default “admin” login name. If you are a member or user of the SMA or Global Directory websites, your login information is safe. As with all login credentials, please ensure that you use a strong password.

WordPress creator Matt Mullenweg has released a statement regarding the current issue:

“If you still use “admin” as a username on your blog, change it, use a strong password, if you’re on WP.com turn on two-factor authentication, and of course make sure you’re up-to-date on the latest version of WordPress. Do this and you’ll be ahead of 99% of sites out there and probably never have a problem. Most other advice isn’t great — supposedly this botnet has over 90,000 IP addresses, so an IP limiting or login throttling plugin isn’t going to be great (they could try from a different IP a second for 24 hours).”

Once again, if you manage your own WordPress site, please take a moment to strengthen your administrator credentials by changing the login name to something other than “admin” and choosing a strong password.

Best regards,
Sean Bruna-Lewis
Webmaster, Society for Medical Anthropology
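
The point in the quoted statement about IP-based limits, as an added example (not part of the original notice and not WordPress code): a Python script over constructed access-log lines showing that a per-IP limit never trips when each address makes a single login attempt, while a site-wide count of login POSTs per minute does stand out. The combined log format, the thresholds, and the function names are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Combined log format: ip, identity, user, [timestamp], "METHOD path proto", status
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

def login_posts(lines):
    """Yield (minute, ip) for each POST to /wp-login.php; skip unparsable lines."""
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ip, ts, method, path, _status = m.groups()
        if method == "POST" and path.split("?")[0].endswith("/wp-login.php"):
            when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
            yield when.replace(second=0), ip

def analyse(lines, per_ip_limit=5, site_limit=20):
    """Compare a per-IP throttle with a site-wide count per minute.

    The limits are assumed values chosen for illustration.
    """
    per_ip = defaultdict(int)    # (minute, ip) -> attempts
    sources = defaultdict(set)   # minute -> distinct source IPs
    totals = defaultdict(int)    # minute -> attempts from all IPs
    for minute, ip in login_posts(lines):
        per_ip[(minute, ip)] += 1
        sources[minute].add(ip)
        totals[minute] += 1
    blocked_ips = sorted({ip for (_, ip), n in per_ip.items() if n > per_ip_limit})
    hot_minutes = {m.strftime("%H:%M"): (totals[m], len(sources[m]))
                   for m in totals if totals[m] > site_limit}
    return blocked_ips, hot_minutes

# Constructed sample, not real traffic: 40 addresses from the 203.0.113.0/24
# documentation range, one login POST each in the same minute, plus one
# ordinary visitor from 198.51.100.7.
SAMPLE = [
    f'203.0.113.{i} - - [01/Jan/2024:10:15:{i:02d} +0000] '
    f'"POST /wp-login.php HTTP/1.1" 200 3120'
    for i in range(1, 41)
] + [
    '198.51.100.7 - - [01/Jan/2024:10:15:30 +0000] "GET /blog/ HTTP/1.1" 200 8450',
    '198.51.100.7 - - [01/Jan/2024:10:16:02 +0000] "POST /wp-login.php HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    blocked, hot = analyse(SAMPLE)
    print("IPs over the per-IP limit:", blocked)
    print("Minutes over the site-wide limit (attempts, distinct IPs):", hot)
```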