Tag Archives: 12345

20f1aeb7819d7858684c898d1e98c1bb

What is the significance of “20f1aeb7819d7858684c898d1e98c1bb”? It’s the MD5 hash of the name “Anthony” and was the password used by someone who broke into lightbluetouchpaper.org. Searching for the md5 hash was clever, but it won’t work for long because Ryan is working on securing the WordPress cookies and passwords.
In case you’re wondering, the hacker got in because the blog was running an outdated version of WordPress.

Tips to help keep your blog safe:

  • Keep all your software updated, not just WordPress. Make sure your plugins are updated.
  • Use a strong password. Don’t use words or sequences of characters like “12345″ as your password. Make it a mix of characters and numbers.
  • Don’t ever store your database dump online in a place Google will index it. It is very easy to use a Google search to find it.
  • If you use public WiFi or a net cafe regularly, use SSL to secure the communication with your blog. Use the secure admin plugin for just this purpose.
  • If you use Firefox, install PwdHash. It’s simple to use and works really well.

WordPress MU admins – Fire up phpmyadmin and look at wp_users. Try these sql queries to find weak passwords in your database:

SELECT count(*) FROM `wp_users` WHERE user_pass = md5(‘wordpress’);
SELECT count(*) FROM `wp_users` WHERE user_pass = md5(’12345′);
SELECT count(*) FROM `wp_users` WHERE user_pass = md5(‘qwerty’);
SELECT count(*) FROM `wp_users` WHERE user_pass = md5(‘anthony’);
SELECT count(*) FROM `wp_users` WHERE user_pass = md5(‘Anthony’);
and because of the season:
SELECT count(*) FROM `wp_users` WHERE user_pass = md5(‘christmas’);

Scary isn’t it how many people still use simple passwords? I must release that “Strong password” plugin we use on WordPress.com soon. That will certainly help avoid account hijacking.