Brute Force Attacks Build WordPress Botnet — Krebs on Security | WordPress and Annotum for Education, Science,Journal Publishing |

According to Sucuri, WordPress administrators who have been hacked should strongly consider taking the following steps to eradicate the intruders and infections:


- Log in to the administrative panel and remove any unfamiliar admin users (the first step after the attackers get in is to add a new user).


- Change all passwords for all admin users (and make sure all legitimate accounts are protected with strong passwords this time!)


- Update the secret keys inside WordPress, otherwise any rogue admin user can remain logged in.


===> Reinstall WordPress from scratch or revert to a known, safe backup. <===