A botnet using more than 90,000 IP addresses to crack WordPress admin accounts may be used as part of a larger plot to disrupt online users, according to researchers.
WordPress founding developer Matthew Mullenweg warned users of widescale hacking attempts underway against users with admin set as a username.
The botnet targeted the accounts with brute-force attacks using common passwords.
Mullenweg advised anyone with the admin login to change it, as well as their password, and to turn on the site's newly implemented two-factor authentication feature.
CloudFlare, a San Francisco-based security and site performance service provider, and web hosting provider HostGator suggested the botnet could be using home-based machines to assemble a more destructive network capable of carrying out distributed denial-of-service (DDoS) attacks on the web.
Compromised WordPress servers would give the botnet much more bandwidth to use for malicious purposes.
CloudFlare co-founder Matthew Prince said a similar attack method was used to stage the ongoing DDoS campaigns against several banks in the United States.
In those incidents, hackers targeted WordPress users running an outdated TimThumb plug-in, a popular image resizing tool, to exploit the accounts and turn infected accounts into DDoS tools pointed toward American banking sites.
Prince said targeting WordPress servers gives attackers an “army of bots” with “fairly big connections to the internet."
“The harm is that, if your blog is compromised, the server resources can be used to launch attacks against other parts of the internet infrastructure,” he said.
.png&h=140&w=231&c=1&s=0)
_page-0001.jpg&w=100&c=1&s=0)
Integrate Expo 2025
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
