The gist of the attack is that automated scripts are hammering at WordPress blogs that use the default names like “admin” for the administrator user. Since blogs which have changed their admin user name aren’t at risk, the security advice going around at the moment is to make sure you’re not using “admin” as a username (as well as making sure that you have strong passwords for all of your accounts, of course). [EDIT: Hmm. It seems you can’t change a username once it’s been created. I’m sure there’s a plugin for that, but I haven’t studied it enough to give advice one way or another. Still, at least this will let you know if you’re at risk so you can go set stronger passwords on those accounts!]
But I host a lot of WordPress sites on my server (17 right now) and I don’t even have logins for all of those. So I needed a way to see what usernames each of the blogs on my server use.
So I wrote a script. It scans a root folder and looks for WordPress blogs. For each blog it finds, it reads that blog’s database credentials, logs into MySQL with them, and looks up the usernames that can log in. It then tells you what those usernames are.
Since it seems like this script could be useful to folks other than me, I’m making it available in my public Mercurial repository. In the process, I went ahead and added a couple other scripts that I’ve written which you might find useful.
The direct link for the “Audit WordPress Blog Credentials” script is http://hg.jameswilliams.me/sysadmin_scripts/file/tip/wp_audit_blog_credentials.sh. You’ll find a link to download the “raw” version of the file on the left-hand side of the page.
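Here is a small added example of the same idea, written for this post rather than taken from the repository script above. It assumes each blog’s wp-config.php uses the standard single-quoted define() lines that WordPress ships, that the mysql command-line client is installed, and that the blogs live under a root such as /var/www (a placeholder; pass your own). It reads the DB settings from each config, queries the users table, and flags any login named “admin”.

```shell
#!/bin/sh
# Added example, not the repository's wp_audit_blog_credentials.sh: walk a root
# directory, find each wp-config.php, pull the DB settings out of it, and list
# the accounts that can log in to that blog so a default "admin" stands out.

# Print the value of one define('KEY', 'value') line from a wp-config.php.
# Assumes the usual single-quoted form; a password containing a quote will not
# parse, so check such blogs by hand.
wp_define() {
    sed -n "s/^[[:space:]]*define([[:space:]]*'$2'[[:space:]]*,[[:space:]]*'\([^']*\)'.*/\1/p" "$1" | head -n 1
}

# Print the $table_prefix setting, falling back to the WordPress default "wp_".
wp_table_prefix() {
    p=$(sed -n "s/^[[:space:]]*\\\$table_prefix[[:space:]]*=[[:space:]]*'\([^']*\)'.*/\1/p" "$1" | head -n 1)
    printf '%s\n' "${p:-wp_}"
}

# List the logins for one blog. The password is passed through MYSQL_PWD so it
# never shows up in the process list the way -p<password> would.
wp_list_logins() {
    cfg="$1"
    MYSQL_PWD="$(wp_define "$cfg" DB_PASSWORD)" \
    mysql --batch --skip-column-names \
        --host="$(wp_define "$cfg" DB_HOST)" \
        --user="$(wp_define "$cfg" DB_USER)" \
        "$(wp_define "$cfg" DB_NAME)" \
        -e "SELECT user_login FROM $(wp_table_prefix "$cfg")users;"
}

# Audit every blog under the root given as $1 (placeholder default: /var/www).
wp_audit_root() {
    find "${1:-/var/www}" -name wp-config.php -print | while read -r cfg; do
        echo "== $(dirname "$cfg")"
        wp_list_logins "$cfg" | sed 's/^admin$/admin   <-- default name, at risk/'
    done
}
```

Run it as `wp_audit_root /path/to/your/vhosts`; the mysql client must be able to reach each blog’s DB_HOST from the box you run it on.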
I’m sure more scripts will make their way to this repository as I find things I need to automate (that aren’t particularly specific to my situation).
I hope this is useful!