WordPress Sites Hacked!


WordPress Websites are being hacked and attacked!

In the words of WordPress expert blogger, Nile Flores:

“This is because there has been a global attack on sites using WordPress, specifically trying to find your password. This is not an attack on just one web host, but several.”

Please read Nile Flores’ recent blog post on “brute force attacks” against your WordPress blog or website and what you can do about it –> http://blondish.net/caution-brute-force-attacks-against-wordpress-sites/

Here’s a great article from WordPress expert and  blogger, Kimberly Castleberry on preventing “brute force attacks” along with an important related tutorial on a how to “Limit Login Attempts”  using the plugin of that name.

Here’s another great resource from WPbeginner.com on how to deal with “brute force attacks” –>


Here’s a link to an article on Jupiter Jim’s Marketing Team site about two of my favorite security plugins.

And please keep in mind that one of the best defenses against a hack or attack is to have a good backup!

Here’s a link to a Free WordPress Backup plugin on Jupiter Jim’s Marketing Team site.

And if you’ve got the money, then one of the Best Premium Backup Plugins is BackupBuddy by iThemes. (NOT an affiliate link!)

Ignorance is No Longer Bliss!

The days are pretty much over when all you had to do was install WordPress, a theme and some plugins before you were ready to “rock on with your bad self.”   Now you need to get real serious about backing up your sites and following proper security procedures.

Image provided by Dev Arka


Article Written by Jim Landers aka “Jupiter Jim”



Meet the Author

36 comments… add one
  • Chery Schmidt Apr 14, 2013, 10:02 pm

    HI Jim! Thanks for all the information This is Terrible!! Why do people do these kinds of things? I have enough challenges with the text ads I certainly don’t need to get my blog hacked Yikes! I did follow everyone’s advice so hopefully I will be safe.. Thanks for sharing Chery 🙂

    • jupiterjim Apr 14, 2013, 10:20 pm


      Glad you are doing the right things to protect yourself! Why do people do such things? Only God knows.

  • Nica Mandigma Apr 15, 2013, 5:49 am

    Thanks for this heads up, Jim! I saw something about this on Facebook over the weekend but didn’t have time to read or act on it.

    Notified my clients about this global brute force attack. For my own blogs, I am changing my passwords and installing the Limit Login attempts plugin. Is there anything else I can do?

  • Rambo Ruiz Apr 15, 2013, 5:59 am

    Now this is scary.. thanks Jim for letting us know

  • Clare Apr 15, 2013, 8:14 am

    Hi Jim,
    Very timely post. Yes, I read Kim’s email last week and immediately installed the Lockdown plug-ins on my sites. Made me really nervous…
    As you say, since most people are blogging for business, you can’t afford to be ignorant.


  • Koj Tajo Apr 15, 2013, 2:24 pm

    Hello Jim, first, I apologize for responding so late to your mail. And then, let me tell you your @jupiterjimmarketingteam is placed at top of ‘J’ list. 🙂

    And on the post now.. Its sad to see the storm brutally attacking the internet world. Many including my couple of blogger friends have been shakened, I feel for them. Nice post to roll out. Good timing too. :). All I did is taken a backup and installed limit login plugin.

    See you around a lot and nice to find your blog too.
    Have wonderful time ahead and happy blogging. 🙂

    – koj

    • jupiterjim Apr 15, 2013, 2:48 pm


      thanks so much for sharing and I wish your bloggers friends well!!!! Keep in touch!

  • jupiterjim Apr 15, 2013, 7:23 pm

    Which backup solution do you use?

  • nick catricala Apr 15, 2013, 9:00 pm

    Hey jim,
    thanks so much for sharing such an important info regarding WP… you have rendered a great service.
    THANKS so much for all you do to help others.

    • jupiterjim Apr 15, 2013, 11:15 pm

      Thanks Nick! It’s nice to be appreciated!

  • Donna Merrill Apr 16, 2013, 6:58 pm

    Hi Jim,
    Well, I am so Grateful that I know Kimberly and Nile!
    When this first happened, I received an email from Kimberly. I immediately changed my password and put in a plug in.
    We are so fortunate to know these two gals. Without them, I don’t know how I would survive. I thank you so much for this post and giving people links to who I call the two best gals in town!


  • Evan Apr 17, 2013, 4:22 am

    I recently upgraded my website but before I saw some of the codes posted here. It seems I need to root out whatever evil is hiding now inside my blog. Thanks for this advice.

  • David Merrill 101 Apr 17, 2013, 10:06 pm

    I appreciate the advice and resources here, Jim, especially as it relates to the importance of doing regular WP backups.

    There has been such an emphasis recently on preventing these brute force attacks, or foiling them in some way, that people often overlook the importance of having a good backup plugin and protocol.

    Remember, even without hackers, we are always in jeopardy of losing our sites and blogs for one of a hundred reasons. So, in my opinon, while prevention is essential, so is having a superb backup for if (or when) your worst nightmare occurs.

  • phpguy Apr 18, 2013, 4:40 pm

    That is right. Its exactly the reason I recently started a service that secure your Wordpress site at Hardenedwp.com

  • Nile Apr 21, 2013, 3:20 pm

    I was actually surprised that Syed and Kim did not have their notices out before my post as I have been recently busy. However, I was in the midst of a DDOS on my server and as noticing this before Sucuri ever put their notice out as well. My notice was within moments that HostGator posted theirs.

    I am really happy to see people spreading the word more to make sure their readers are well aware of these occurrences. I remember when it was a real inconvenience to find out days later why something happened.

  • Sofiya Apr 22, 2013, 1:27 am

    Excellent post. It is important to understand that malware is just one of the possible security problems that you can face. But there are many many more.
    Most of website/blog owners think of security when its already too late, when problems occur. It is much better and cheaper to stay proactive.

  • Keral Patel Apr 22, 2013, 5:02 am

    When I saw a sudden surge of traffic hitting my blog from all over I knew something was wrong. I changed my passwords too just somedays ago. It sucks that people do have so much time just to ruin someone’s hard work.

  • Farrell John Conejos Apr 22, 2013, 8:29 am

    Hey Jim,

    Well, its my first time to visit your sit. I was already aware of these wordpress attacks but I didn’t actually know that there where already counter measures made for it. This post mus be spread out so that others would know to fight these attacks or better yet, to avoid these attacks to occur. Thanks for sharing this informative post.

  • Sam Woods Apr 22, 2013, 11:06 am

    Thanks for the advice,

    I use a security plugin to help combat ‘brute force’ attacks, and have found this successful so far (fingers crossed). Also I try to backup as often as possible.

    As Wordpress is a system developed by countless programmers, there are unfortunately a few security risks and all you can do is try to plug them. For me though, the positives of Wordpress outweigh the negatives so I’m going to carry on using it 🙂


  • Lalita Bisht Apr 22, 2013, 12:02 pm

    Hacking is a big problem for webmasters. I use to backup my sites on daily basis. Thanks for sharing this informative post.I thinks this post is very helpful for many of us.

  • Steve Apr 26, 2013, 1:01 am

    HI Jim.. Thanks a lot for all the information.I don’t able to understand with what these people, will be benefited after doing these kind of stuff. I have installed some security scripts but still have keep following you here for further updates. Please keep posted.

  • Sofiya Apr 26, 2013, 2:10 am

    The main issue I see is that WordPress will always tell you whether your username is correct. So its easy for a botnet to detect whether the user is using admin as their main administrator account.

    The best plugin I’ve seen for simple hardening is securescanpro – as it hardens your site with a few clicks and provides captchas to bots.

  • Ansh Apr 26, 2013, 2:22 am

    If your username is not admin, then there is nothing to be worried about..

  • Marty Diamond Apr 27, 2013, 11:51 pm

    Thanks Jim – Great advice for all of us with Wordpress sites – Even if you’ve installed the plugin to limit attempts – it’s still a good idea to back up your data files – Marty

  • Lydia Brown Apr 28, 2013, 8:12 am

    Thank you Jim for this valuable information. I will definitely read the articles by Kim and Niles as you have advised. This was scary for me I lost access to my blog that week and Hostgator had to go in and fix somethings. My blog was ok but it crossed my mind if someone can hack Hostgator what chance do I have. I have about 20-40 spam comments per week now and trying the plug ins people mention but none seem to report a solid solution. Always love your blog.

  • Allie Dillard May 8, 2013, 12:07 am

    backup, or want advice on remote-office backup, you can learn about it on SearchDataBackup. We’ve compiled our best data backup and recovery technology tutorials on disk-based backup, backup security, backing up virtual machines, and more. Bookmark our data backup and recovery technology tutorial page and check back often to see what’s new.

  • Ti Roberts May 8, 2013, 3:17 pm

    Great post. It’s very important to keep your site secured and safe when attempting to run a online business. Thanks for sharing your thoughts and insights with us. I’m glad to have found your content on bizsuagr.com. I hope to see more of your posts there. 🙂


    • jupiterjim May 9, 2013, 11:17 am

      Ti Thanks for visiting me from BizSugar and for commenting! Have a great day!

  • jupiterjim May 12, 2013, 10:44 am

    If the file is too big, just download it to your computer.

  • Raena Lynn Jun 2, 2013, 2:43 pm

    Hi Jim,

    I read both articles and followed what Kim and Nile suggested. Lately it’s been crazy and all of us need to be aware of potential attacks and take the steps to secure our blogs. Backing up is the most important step to take and so many of your readers offered a lot of suggestions! This is a one stop post for security issues. Thank you for the information and spreading the word.

    Raena Lynn

    • jupiterjim Jun 4, 2013, 4:47 pm


      Thanks for reading and responding and taking action! Many people read these posts but then don’t do anything until it’s too late!

  • Dr. Erica Goodstone Jun 13, 2013, 9:27 pm


    Thanks for the heads up and the links to all those articles explaining what happens and what to do about it if your site gets hacked. Hopefully I never have to use this information. I do have a good backup.


    Dr. Erica

  • Steve Brown Jul 4, 2013, 6:39 am

    Hi Jim.. Thank you very much for all the information. I really feel very bad about such type of people. I don’t understand with what these people, will be benefited after doing these kind of stuff. Keep posting these type of posts. It will help people a lot.

Leave a Comment