WordPress sites targeted by brute-force botnet attack

There is a botnet consisting of more than 90 000 hosts crawling and brute-force attacking (using the following list: https://krebsonsecurity.com/wp-content/uploads/2013/04/WPpasslist.txt) WordPress installations. Because of this, it’s important that you make sure your WordPress installation is secure.

We strongly advise all users to delete the “admin” account after adding another administrator, adding 2-factor authentication such as http://wordpress.org/extend/plugins/google-authenticator/ and have a look at http://codex.wordpress.org/Hardening_WordPress.

On top of that is the obvious to make sure you have your WordPress Core and Plugins up to date.

More information: http://www.us-cert.gov/ncas/current-activity/2013/04/15/WordPress-Sites-Targeted-Mass-Brute-force-Botnet-Attack