WordPress attack: 30 million targets!

It’d be easy to dismiss the recent reports of a botnet attack on sites running the WordPress content management system (CMS) as yet another cry-wolf scare story from an exaggeration-prone web hosting company eager for business. After all, one of the earliest posts about the attack was from CloudFlare, and they’ve got form.

Less than a month ago, CloudFlare chief executive officer Matthew Prince spun the distributed denial of service (DDoS) attack against Spamhaus into “The DDoS that almost broke the internet”, and he shamelessly told The New York Times that “These things are essentially like nuclear bombs … It’s so easy to cause so much damage.”

An extreme cynic might even note that this botnet, claimed to be 90,000 computers strong, is conducting brute-force password-guessing against WordPress sites around the planet just days after WordPress.com announced two-factor authentication for sites hosted on its own infrastructure — just the thing to mitigate against that risk. I couldn’t possibly comment.

But despite the lack of vaporised cities and radioactive fallout, or even any serious impact so far, these WordPress attacks have the potential to get a lot worse — thanks to the very factors that make WordPress such a popular CMS.

WordPress’ big selling point is ease of use. That means it has massive appeal right at the bottom end of the market.

Down at this level, even in 2013, websites are usually little more than static brochureware that gets updated rarely, if at all. With nothing to change, the sites’ owners don’t log into WordPress, so they don’t see the software upgrade notices. Or if they do, they don’t know what they mean.

This is where businesses are reluctant to spend even a thousand dollars on a site, so asking them to fork over more money for “maintenance” is a waste of time — what visible difference does it make?

Besides, they’ll say, they have someone who “takes care of” their website.

That someone is generally a “web designer”, not a developer. WordPress has been a boon for them. Its multitudinous free or cheap themes and plugins make it possible to build a decent website with plenty of functionality without having to dirty their hands with actual code. Or dirty their minds understanding it.

Forgive me, for I’m about to commit the sin of extrapolating from personal experience, but in nearly two decades, I have yet to encounter a “web designer” with halfway-decent security practices — by which I mean creating a different login for every human rather than a generic “admin” account, creating strong passwords, not reusing passwords, deleting unused accounts, and not blithely emailing a business’ master internet hosting password to any sub-contractor who might need momentary access.

Indeed, many of those I’ve encountered have deliberately set the WordPress admin password (or its equivalent in pre-WordPress days) to be exactly the same as their client’s hosting account master password, their domain registry password, the login on their PC, and everything else in sight to “make it easier” — because that gets rid of those annoying “I’ve lost my password” support calls.

WordPress is now the tool of choice for these people, and they’ve built millions of WordPress websites.

But have they maintained them? No.

As I write this, the WordPress download counter tells me that 17,594,130 people have downloaded the current WordPress version 3.5 and, erm, counting. But over at the statistics page, a rather alarming pie chart tells us that version 3.5 accounts for only 30.5 percent of running WordPress installations.

More than two-thirds of WordPress installations are running versions with known security vulnerabilities? A password-guessing botnet would be the least of our worries.

While CloudFlare was talking up this attack, Sucuri Security was talking it down. They were seeing “only” around three times the number of password-guessing attempts they usually see.

Could it be just a trial, or the calm before a much bigger storm? My impression is that WordPress sites are usually hacked as part of black-hat search engine optimisation (SEO) operations, posting links to their masters’ websites for the extra Googlejuice, with no attempt to compromise the hosting account or the server it runs on.

Yet most low-end WordPress sites run on servers with plenty of spare capacity. “Apparently, someone is building a formidable botnet of compromised WordPress accounts that is likely to be used in a much larger attack,” said a relatively sober post at Threatpost, though they add one proviso: “Some experts are speculating.”

Speculating they are. And I am. But there’s maybe 30 million WordPress sites there for the taking, and that’s a lot of firepower.

WordPress hotel themes

WordPress.com now offers hotel, inn and bed and breakfast owners and managers the ability to showcase their properties with the help of a new responsive theme just for hotels. In addition, the service also today launched a special site dedicated to showing hotel owners how they can use the service to promote their properties.

For WordPress.com, adding this hotel vertical is part of a now-familiar pattern. Over the last few months, WordPress.com has been making a concerted effort to launch special verticals for businesses like restaurants and use cases like sites for schools and personal portfolios for photographers and designers. The emphasis here is clearly on showing how WordPress.com can be more than “just” a blogging tool and emphasizes the service’s overall content-management features.

The new responsive theme is fully customizable and specifically geared toward hotels. It uses WordPress’ page template feature to allow owners to add the details about their rooms and amenities and also features a reservations widget that allows users to easily contact the owners with their travel plans. This widget, it is worth noting, does not allow users to directly book a room, however, and isn’t currently integrated with any payments solution.

Typically, WordPress uses these announcements to highlight some of its paid upgrades like custom domains, extra storage and custom design features. Most hotel and B&B owners probably don’t need these, so the company doesn’t highlight them in today’s release, but chances are, WordPress.com’s overall strategy of launching these verticals is mostly geared toward adding more professional users to the platform, given that they will also be more likely to pay for these upgrades.


