Its been reported that, Hackers have developed a distributed WordPress admin account cracking scheme that poses a severe risk for the security of blogs whose owners select insecure passwords.
What it does is,
There are some PHP scripts which run on some servers which can be virtual. These php scripts are programmed in a way to do BruteForce or Dictionary Attacks on the wordpress blogs that they select.
ISC security watcher Bojan Zdrnja wrote,
“While this particular version is relatively simple, the power behind the script and the MySQL database allows the attacker to distribute the attacks not only by sites, but also by passwords tried as well.
Finally, if you are using WordPress (or any other blog tool), be sure that access to the admin interface is as limited as possible. This means choosing strong passwords, changing the admin username if possible and limiting access by IP addresses.
WordPress brute force attacks have been around for quite some time already (similarly to SSH brute force attacks, for which we at SANS ISC are getting reports daily), so we can expect that the bad guys will start using such advanced techniques for attacking other services as well.”
Well so its time to change your wordpress password. I am changing mine.