Keeping the default settings on any Internet-connected service is just asking for trouble. It’s easy enough to scoff at people whose brilliant “12345” password fell victim to hackers, but it’s just as simple to target usernames. A number of WordPress bloggers discovered this the hard way, when their “admin” accounts became part of a hostile, exploitative botnet.
The attacks began last week, and have affected more than 90,000 blogs so far. The hackers behind the attacks have combed through WordPress accounts and attempted to guess passwords via brute force.