New Botnet Uses WordPress Sites


WordPress (Photo credit: Adriano Gasparri)


Cybercriminals have begun to infiltrate WordPress blog sites in order to create one of the largest botnets known to man. They’re breaking into blog sites by running password breaking programs. Those that have weak passwords are especially easy to infiltrate. Once they guess the password they set up a “back door”; a way that they can gain access from a computer anywhere on the Internet at any time in the future.


The attack then continues by using the WordPress blog site as members of a botnet and forced to launch password-guessing attacks against other sites running WordPress.


There are three issues at work here. First, that WordPress is being used because it’s a huge target of blog sites that may well be a record-breaking sized botnet. And that the cyber criminals can use the same malware to attack all of them, thus saving them the effort of developing additional malware. Second, it’s also being targeted because WordPress users aren’t known to be very security conscious and therefore probably use weak passwords that can be guessed with very little effort. And thirdly, this conscripting of WordPress blogs is part of a larger strategy to use such a large botnet for future attacks.


My advice to WordPress blog administrators is to create the strongest password they can muster, use an administrator username other than “admin”, and users can also restrict access to wp-admin so that it is only reachable from specific IP addresses. See the referenced article for additional ways you can protect your blog.


Reference: Brute Force Attacks Build WordPress Botnet


Be very careful…it’s dangerous out there.


Please comment on this article; we all learn from each other when our views and opinions are shared.


I hope you enjoyed this article. If you enter your email address in the Email Subscriptions box on the right column of this page, I’ll send you an email when a new article is posted. I don’t share your email address with anyone…no one; I hate spam too. Please share my site with your friends and family. Thanks.


Remember, personal computing is a blast…keep it productive and enjoyable.


Best regards,






I’m also on Twitter, @PaulsInternet.


Images courtesy of and




Filed under Cybercrime, Internet Security, malware, Warning

3 responses to “New Botnet Uses WordPress Sites

  1. Pingback: Wordpress Security - If You Blog, Read This - The Search Engine Blog

  2. Pingback: Denver Web Design, Denver WordPress, Denver Internet Marketing Company | Affordable Websites Denver, LLC

What do you think?

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s