WordPress has been the victim of a ‘botnet’ attack targeting WordPress websites with the username ‘Admin’.
The botnet (a network of computers, often home computers that have been hacked into and effectively hijacked) try’s thousands of possible passwords in an attempt to find the real password that will allow access to the website and its content.
An estimated 20% of all websites across the globe are built on the WordPress platform and Admin is a common username as it is automatically assigned to new WordPress websites when they are created..
The easiest way to combat the attack therefore is to create new users accounts with strong passwords (definitely NOT ‘password’) and delete the Admin user account.
Adding software to the site that tracks login attempts including the IP address that’s making the attempt can help as individual IP addresses can be blocked from access at hosting level.