The WordPress botnet attack is spreading. At risk is anyone whose WordPress setup includes a user name of admin. This would be almost ALL WordPress installations, as this is the default user name from a standard WordPress install.
What do you need to do? Log into your WordPress site EVEN IF YOUR USER NAME IS NOT admin, and go to your dashboard, click on All Users, and check to see if you have another user named “admin”. In most cases, there IS an admin account.
Take these steps accordingly (please read all steps before doing anything):
- If your user name is admin, and you have just logged in as such, go ahead and create a new user account. Make sure to give your new account Administrative privileges! Use a STRONG password. Then, log out of WordPress, log into your new account, go back to All Users, and delete the admin account, making sure to reassign all of your posts to the new user (don’t delete them!)!
- If your user name is NOT admin, but there is an admin account, you should only delete it after you are sure that you have full administrative privileges!! There must be an account that has administrative privileges.
Here is more information: