WordPress has been attacked by a botnet of “tens of thousands” of individual computers since last week, according to server hosters Cloudflare and Hostgator.
The botnet targets WordPress users with the username “admin”, trying thousands of possible passwords.
The attack began a week after WordPress beefed up its security with an optional two-step authentication log-in option.
The site currently powers 64m websites read by 371m people each month.
According to survey website W3Techs, around 17% of the world’s websites are powered by WordPress.
“Here’s what I would recommend: If you still use ‘admin’ as a username on your blog, change it, use a strong password,” wrote WordPress founder Matt Mullenweg on his blog.
He also advised adopting two-step authentication, which involves a personalised “secret number” allocated to users in addition to a username and password, and ensuring that the latest version of WordPress is installed.
Delivered by The Daily Sheeple
We encourage you to share and republish our reports, analyses, breaking news and videos (Click for details).
Contributed by BBC News of www.bbc.co.uk.