Your logins are a changing - (Semi-Urgent)

Apr 14, 2021 10:18 am

Semi Urgent - New logins


This is an extra email alongside the standard emails we send out as we have an issue with our servers.


First I'll introduce you to my favourite acronym: tl;dr (or tldr)


tl;dr = too long; didn't read.


If you want the really short version of this email, scroll to the bottom and see the very short version.



New Logins for your WordPress admin

A new bot-net is running and WordPress sites are the target. The bot-net is trying to log in with all different kinds of usernames and passwords. They are looking for weak usernames and passwords, like the user "admin" and a password that is generally less than 9 letters long, or are using a "dictionary attack", where they use password lists that have already been stolen as a base for password attempts, for example:

  • chocolate
  • ch0c0late
  • choc0l@te
  • ch0c0l@t3
  • etc...

This is an effective attack as passwords are hard to remember and we usually gravitate towards recognisable patterns. (We'll have a piece on password managers in a future email)
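Why the substituted variants in the list above are no safer than the plain word, shown as an added example that is not part of the original email: a password check that undoes common character swaps before looking the result up in a word list. The word list, the substitution table and the function names are constructed for illustration; the 12-character minimum is the figure from the TL;DR.

```python
import re

# Constructed sample; a real check would load a large list of breached passwords.
WORDLIST = {"chocolate", "password", "welcome", "letmein"}

# Common character swaps mapped back to the letter they replace (assumed set).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

MIN_LENGTH = 12  # threshold taken from the TL;DR of this email


def candidates(password: str) -> set:
    """Return the base words a password may reduce to."""
    lowered = password.lower()
    # Variant 1: every swap undone in place, e.g. "ch0c0l@t3" -> "chocolate".
    whole = lowered.translate(LEET)
    # Variant 2: appended digits/symbols dropped first, e.g. "chocolate123".
    trimmed = re.sub(r"[^a-z]+$", "", lowered).translate(LEET)
    return {whole, trimmed}


def weaknesses(username: str, password: str) -> list:
    """List the reasons a login would fall to the attack described above."""
    problems = []
    if username.lower() == "admin":
        problems.append("default username")
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if candidates(password) & WORDLIST:
        problems.append("dictionary word with substitutions")
    return problems


if __name__ == "__main__":
    for user, pw in [("admin", "ch0c0l@t3"), ("jane", "Chocolate2021!"),
                     ("jane", "correct horse battery staple")]:
        print(user, pw, weaknesses(user, pw) or "ok")
```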


This new bot-net is putting pressure on our login pages and, if the frequency increases, it will start to slow the websites down.


We are going to mitigate this risk over the next few days by hiding the admin login pages that you use to get access to the WordPress dashboard. We will rename the login URL (different for each customer) and put a link to the new admin page in the footer of your website (bottom of the page), like this:


[image: the link to the new admin page in the website footer]


You can click on that link to show you the new login page. This will stay the same so you can bookmark it from now on.


We will be making a maze for any bots that try to log into wp-admin from now on, so we tie up their machines without putting undue pressure on ours.


The usernames and passwords are the same as before. If you have asked your browser to remember the password so you don't have to, let us know and we can either help you recover the password or create you a new one.


Thank you for reading this and helping us keep our servers as secure as possible.


TL;DR:

  1. WordPress sites around the world are under attack from hackers trying to log in.
  2. They are looking for weak usernames and passwords (i.e. user = admin, password = less than 12 characters long)
  3. We will move the login page from /wp-admin to something specific for your website (i.e. https://dev.coded.co.nz/wp-admin will become https://dev.coded.co.nz/rabbit-hole; yours will vary)
  4. ** Over the next few days we'll be moving the admin link **
  5. To log in to the new admin panel, we've put a link in your footers (bottom of the website page) so you can click it to find the new page.



As always, if you have any questions, please fire us an email and we are happy to help.
