There’s an aggressive attempt on virtually all WP installations worldwide where malicious intensions are involved to hijack WordPress sites that are not protected extremely well. Most WP users do not adhere to the strong password suggestions and will be victimized because of it.
What this means is that meanwile more than 100,000 IP’s running WP installations have been compromised and the end is far from known. What happens is that malicious software crawls the web in search of WP sites where in high volume attempts many of them have been able to crack the in many occasions too easy passwords.
How to identify yours has been compromised?
Symptons go from a very slow backoffice navigation, to sporadic downtimes of the site, unability to log into the backoffice and unwanted information being displayed on the site.
What can you do to prevent such hijacking?
There are basically two things you need to do immediately:
1. Login to your backoffice and change the passwords of all users to one that is harder to crack, making it a secure password (use upper and lowercase letters, no less than eight characters, and including “special” characters such as %^$€#@*&.
2. Password protect the wp-login.php file. How-To >>
If your site has been compromised or you need help with applying the above, please contact us at firstname.lastname@example.org or call us at +34 952 194 246.