A massive cyber attack campaign is currently being launched against
a large number of WordPress websites across the Internet.
In April, 2012 we reported that a large distributed brute
force attack against millions of WordPress sites was
occurring, in which hackers succeeded in compromising
90,000 servers to create a large botnet of WordPress hosts.
According to DDoS attack logs received from 'The Hacker News' reader Steven Veldkamp, the victim's website
was recently under heavy DDoS attack coming from various compromised WordPress-based websites.
Possibly by brute forcing WordPress administrative portals with a word list of the most commonly
used username and password combinations, attackers are taking control of many poorly secured WordPress hosts.

After analyzing a portion of the DDoS attack log file covering 23/Sep/2013:13:03:13 +0200 to
23/Sep/2013:13:02:47 +0200, we found that in 26 seconds the attacker was able to launch a DDoS
attack from 569 unique compromised WordPress blogs. Hacked websites include blogs of Mercury Science and
Policy at MIT, National Endowment for the Arts (arts.gov), The Pennsylvania State University and Stevens Institute
of Technology.
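
The kind of count described above can be reproduced from a web server access log. The following is an added example, not code from the article or from the reader who supplied the logs. It assumes Apache "combined" log format and that the attacking hosts announce themselves with WordPress's standard `WordPress/<version>; <site URL>` User-Agent (the article does not say how the sources were identified); the sample lines are constructed.

```python
import re
from datetime import datetime

# Apache "combined" format: ip ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# WordPress's HTTP API sends "WordPress/<version>; <site URL>" as its User-Agent.
WP_UA_RE = re.compile(r'^WordPress/[\d.]+; (?P<site>https?://\S+)$')

# Constructed sample lines (documentation IP ranges, .example hosts), not real data.
SAMPLE_LOG = [
    '192.0.2.10 - - [23/Sep/2013:13:02:47 +0200] "GET / HTTP/1.0" 200 512 "-" '
    '"WordPress/3.5.1; http://blog-a.example"',
    '198.51.100.7 - - [23/Sep/2013:13:02:51 +0200] "GET / HTTP/1.0" 200 512 "-" '
    '"WordPress/3.6; http://blog-b.example/"',
    '192.0.2.10 - - [23/Sep/2013:13:03:02 +0200] "GET / HTTP/1.0" 200 512 "-" '
    '"WordPress/3.5.1; http://blog-a.example/"',
    '203.0.113.5 - - [23/Sep/2013:13:03:05 +0200] "GET / HTTP/1.1" 200 512 "-" '
    '"Mozilla/5.0 (X11; Linux x86_64)"',
    '203.0.113.99 - - [23/Sep/2013:13:03:13 +0200] "GET / HTTP/1.0" 200 512 "-" '
    '"WordPress/3.4.2; http://blog-c.example/news"',
    'truncated or malformed line',
]

def summarize(lines):
    """Count distinct WordPress origins in the log and the time span they cover."""
    sites, ips, times, skipped = set(), set(), [], 0
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1      # malformed line: count it instead of crashing
            continue
        ua = WP_UA_RE.match(m["ua"])
        if not ua:
            continue          # ordinary client, not a WordPress host
        sites.add(ua["site"].rstrip("/").lower())  # fold trailing slash and case
        ips.add(m["ip"])
        times.append(datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"))
    span = (max(times) - min(times)).total_seconds() if times else 0.0
    return {"unique_sites": len(sites), "unique_ips": len(ips),
            "requests": len(times), "window_seconds": span, "skipped": skipped}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

The User-Agent header is set by the client, so the site count is an estimate; comparing it with the distinct source IP count gives a sanity check.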

From the table above you can determine that at least 30,823 WordPress websites out of 42,106 have
exploitable vulnerabilities, which can be detected using free automated vulnerability assessment tools.
Also in August, 2012 researchers at Arbor Networks uncovered a botnet called Fort Disco that was used to
compromise more than 6000 websites based on popular CMSs such as WordPress, Joomla and Datalife Engine.
If you are running WordPress sites, now would be a good time to ensure that strong passwords are always used
and that your username is changed from “admin”.
Avoid obvious passwords. Scan your computer for viruses, keyloggers, rootkits, and botnet software. Most