Security firms are reporting a very large attack on what seems to be all sites using WordPress. One WordPress host reported an increase of an average of 40k failed logins per month to 77k failed logins per day! The failed logins are coming from a large amount of different IP-numbers and is therefore hard to block. The advice from Matt Mulleweg, creator of WordPress, is: remove the old standard admin-account (if it still exists), use a strong password and as always, keep your WordPress installation up to date!
This brings up the question “is WordPress a secure platform?”. In my opinion the answer is a resounding YES! If the hackers have a bot network at their disposal and the means of attack is a brute force password attack then there really isn’t much you can do about it. Had WordPress had any known single fatle flaw the hackers would have used that instead. Apparently it doesn’t!
Any platform large enough will be the target of hackers, much like Windows is under heavy attack as a operating system. There have been known bugs in WordPress, allthough the latest such vulnerability was acctually a bug in a popular templates subclass and not in WordPress in itself. The WordPress community quickly responded and fixed the bug.
I feel secure to continue to use WordPress as my main platform for my blogs, so should you!