Sounds ominous, doesn’t it? I am seeing articles that are saying that these new attacks exploit WordPress installations–anywhere. But there are a few things you can do–because the exploits being taken advantage are include your basic username and password combination.
What can you do:
- CHANGE YOUR PASSWORD. If WebsByAmy (me) set up your username/password for your WordPress dashboard, the username is NOT ‘admin’ and your password is upper and lowercase letters and a few numbers. However, if you’ve changed that or added an administrator or if you currently have a text based password you ‘use for everything,’ CHANGE IT NOW. READ THIS article for some tips.
- UPDATE YOUR WORDPRESS. Are you updated to the latest version of WordPress? On your Dashboard, you’re told if you are not. Follow the directions to upgrade. What about it saying ‘back up your configuration’ before you do this? If you host with me, I have nightly backups, I can take you back to yesterday. If you don’t host with me but your hosting gives you cPanel–OR if you host with me and want your OWN personal backup of your entire installation (mailserver settings, etc.) watch this video.
- UPDATE YOUR PLUGINS (actually do that before you upgrade WordPress). EVEN the ones you aren’t currently using… sometimes plugins have security exploits so even if they aren’t active, they need to be updated–so just delete unused plugins.
If you have any questions, drop me a line.