There is a major attack on WordPress sites in progress and your site could be vulnerable. Here are some simple ways to quickly protect your site:

Quick and Effective Ways to Protect Your WordPress Site from Attack

1. The attack targets sites using the default ‘admin’ login – if you are currently signing in to your site using ‘admin’ please go in and change it immediately.

2. If you do not log in using ‘admin,’ log in to your site and check the users settings to make sure there isn’t another user set up with that name (if so, change it – if your user access does not allow you to change other users, track the admin down immediately and ask them to do it).

3. Change the passwords for all users to “upper and lowercase letters, at least eight characters long, and including ‘special’ characters (^%$#@*).”

Additional Precautions:

1. Back up your site.

2. Make sure your WordPress, theme, and plugins are updated to the most recent versions (ask for help if you haven’t done this before).

Resources:

arstechnica.com

cloudflare.com