Posts

Showing posts with the label wordpress

WordPress admin password recovery methods

Method 1 - Through FTP

There is also an easy way to reset your password via FTP, if you're using the admin user.

1. Log in to your site via FTP and download your active theme's functions.php file.
2. Edit the file and add this code to it, right at the beginning, after the first <?php:

   wp_set_password('password',1);

   Put in your own new password for the main admin user. The "1" is the user ID number in the wp_users table.
3. Upload the modified file back to your site.
4. Once you are able to log in, make sure to go back and remove that code. It will reset your password on every page load until you do.

WordPress MD5 Generator: http://www.insidepro.com/hashes.php

Method 2 - Run This PHP Script :)

How to stop WordPress brute force attack

1. Use a strong password

Minimum password recommendations:
- At least 8 characters total
- Mixture of upper and lower-case letters
- Numbers, punctuation or other non-alphanumeric characters

Example weak password: secret1
Improved strong password: Z#hupsZ2M4!Z

2. Change default WordPress admin username

When installing WordPress, by default the administrator user has the username of admin. The botnet attack is currently only targeting this default username, so even having an administrator username of admin123 could significantly reduce the likelihood of your site being successfully logged into by a malicious user.

3. Lock down WordPress admin access with .htaccess

Utilizing a WordPress brute force plugin for this type of attack is not very efficient, and in some cases can actually lead to your site becoming unavailable due to the large amount of processing power used to attempt to challenge each and every malicious login attempt. Instead you should rely on the informat...

WordPress Brute Force Attack Script

The information is to be used for educational purposes only. I’m not responsible for any misuse of this information. The following is meant to help you develop a cracking defensive attitude to prevent such attacks. In no way should you use this information to cause any kind of damage directly or indirectly. I started writing a Python script for brute forcing WordPress’ login page. Then I found this script by PuRiCeL.