A massive brute force attack is targeting WordPress sites worldwide, and Mark has been busy locking down his own installations. In this episode, he explains exactly what the attack does, gives you three steps to protect yourself, and then dives into why keyword research is the most important skill in internet marketing — with real listener questions to illustrate the point.
What You'll Learn in This Episode
- What the 2013 WordPress brute force attack was and why it mattered
- Three immediate steps to secure your WordPress installation
- How to think about consumer intent when selecting keywords
- Why keyword research can make or break your niche site before you write a single word
- How to evaluate whether a niche has enough search demand to justify building a site
Episode Summary
Mark opens with the WordPress attack that was making headlines in April 2013. The CERT website documented a botnet-driven brute force campaign targeting WordPress installations with the default “admin” username. The attackers' goal was to hijack sites and build a massive botnet for denial-of-service attacks — the same kind of attack that had recently taken down Pat Flynn's site.
Mark's three-step protection plan: update all themes, plugins, and WordPress core; eliminate the “admin” username by creating a new admin account and demoting the old one; and install the Limit Login Attempts plugin to throttle failed login attempts.
The episode also features listener Michael's question about whether internet marketing is a legitimate path to income, plus Patrick's question about keyword targeting for a test preparation site. Mark uses both questions to demonstrate the critical importance of understanding searcher intent — the foundation of all effective keyword research.
Key Takeaways
- WordPress security basics — update everything, change default usernames, and limit login attempts — prevent the vast majority of brute force attacks
- Keyword research reveals what your potential audience is actually thinking and searching for
- Consumer intent determines whether a keyword is worth targeting: someone searching “how to format a hard drive” is not the same audience as someone searching “computer technician exam”
- The SEOmoz (now Moz) quote still holds: keyword research offers “the lowest barrier to entry in understanding the motivations of consumers in virtually every niche”
What's Changed Since This Episode
WordPress security has matured significantly since 2013. Automatic minor updates, two-factor authentication plugins, and managed hosting security layers have made WordPress much more resilient. The specific attack Mark describes — brute-forcing the “admin” username — is now prevented by default on most modern installations.
Search intent classification has become formalized in SEO. Google's algorithms now categorize queries as informational, navigational, transactional, or commercial investigation, and the search results pages are structured accordingly. Mark's advice about matching content to searcher intent was ahead of the curve and remains foundational.
The Google Keyword Tool was replaced by Google Keyword Planner shortly after this episode aired. Modern keyword research relies on tools like Ahrefs, Semrush, and Google Search Console for more accurate and actionable data.
Resources Mentioned
- CISA (formerly CERT) — U.S. government cybersecurity resource
- Limit Login Attempts Reloaded — WordPress security plugin
- Moz Beginner's Guide to Keyword Research
- Late Night Internet Marketing Podcast
Related Episodes
If you found this episode helpful, you might also enjoy:
- LNIM055 Transcript — WordPress Attack Security (Full Transcript)
- LNIM054 — Niche Keyword Competition
Listen and Subscribe
Listen to Late Night Internet Marketing on Apple Podcasts or subscribe at latenightim.com/internet-marketing-podcast/. Have a question for Mark? Call the digital recorder at 214-444-8655 or drop a comment below.
Hey Mark, I enjoyed the podcast today. Regarding your recommendation on the WordPress username, when I go to the edit option for the default admin user there is a note that says “Usernames cannot be changed.” I also don’t see the option to change the default admin user to a subscriber.
Any recommendations?
Hey Mark, I’ve solved the Admin username issue. I had previously listened to your podcast where you interviewed Dustin Hartzler at yourwebsiteengineer.com. He has a podcast posted on the issue also. Between the two of you, I was able to figure it out. Thanks!
Excellent. Glad you got it fixed, and very glad you enjoyed the episode.
in what way can I join the forever affiliate facebook group you have? I have already been in the course.
Awesome. Welcome. Go to http://LNIM.co/fagroup and hit the request access button.
I am just getting started and very new at this. I didn’t realize how important the whole keyword thing was. I am sure glad I found your website. I have so much to learn and will be spending quite a bit of time on your site. Thanks for all the info…..
You are welcome Sara. Glad I could help.
Hi Mark,
I just tread the report you’ve linked to, and I am a bit disappointed to read that the people who have made Keyword Canine tell you to look in the Google keyword tool under Competition for low or moderate competition. They say this won’t be as accurate as their own tool, but that it will help nevertheless…
This is clearly the wrong use of the competition value in the Google keyword tool, and someonelike Jonathan Leger should know better!
You are right. I saw that too and I actually discuss this in episode 56 (not yet released). This paragraph is not clear, and is wrong as written. I am 100% certain they did not mean advertiser competition, but it comes across that way for sure. I will talk to Josh (who understands advertiser competition very well) and get him to clarify. Thanks for the feedback.
Josh is claiming Ad Comp is roughly correlated to SERP competition. I’ll run a regression and test this tonight — but I understand what he is saying now, and I agree with him (but I still don’t like the way that he wrote it in the report).
Yes, I agree that there’s a general correlation between high AdWords competition and high keyword ranking competition.
However, low AdWords competition not only means low ranking competition, it also means “no money”… at least if you’re trying to monetize the keyword through AdSense.
My personal goal in keyword research has always been to find keywords with high AdWords competition and low ranking competition, so that you can easily rank but nevertheless make some money. What would be the point to rank for keywords that noone pays for?
I’m not even sure the correlation is that great. It’s is a very poor approximation at best. I understand Josh’s point, but I agree with you that this is exactly the reason to invest in a paid tool that tries to estimate the competition.
Hey guys, we didn’t want readers of the report to feel like they HAD to have KC in order to implement the strategies in the report. Yes, it was worded correctly. The advertiser competition, while obviously not thorough, it gives a good, rough understanding of competition for those who don’t want to invest in something like KC to get a much more accurate competition analysis. In general, if ad competition is high, then organic competition is also going to be high. Advertiser competition can vary based on commercial intent, but it’s better than nothing.
I get that — so we agree that Google AdWords is reporting Advertiser competition, and that Ad Comp is not the same as SERP comp. What you are saying is that you have observed that as a rule, high Ad comp means there is money to be made. If there is money to be made, the organic guys know that too. So, often times high Ad comp means hard to rank.
Might be good to amend the report to say something that makes it more clear….but thanks for responding so quickly.
Hi Josh,
Thanks for responding. I understand what you intended to imply with this statement. However, I have found on numerous occasions that people new to internet marketing get the wrong idea about this AdWords competition value and even some reputable information products teach this the wrong way, so I wanted to have this made clear.
And in the end, having such a clearly defined numeric value attached to ranking competition is one of the reasons people should use advanced software like keyword canine, so nothing wrong in telling it like it is! 😉
Exactly. No problem.
Hey Mark, I have no idea how you do it all! You are an inspiration to us who don’t quite work so hard!
Thanks man. One way that I do it all is that I hire great people to help me (this means you, dude).
Great podcast! That wordpress attack bot is pretty vicious. I haven’t had it hit any site I work with but an colleague showed me the results of it in a confined environment. Yeech!
Enjoying the podcasts. Your point about having an audience for whatever venture you’re undertaking is a good one. It’s nice to have something you’re personally interested in also be profitable but often we have to market something we have no interest in whatsoever. That separates the pros from the hobbyists!
I’m thinking of trying to promote a prom dress niche. Someone told me it wouldn’t be profitable because the product is seasonable. Yet, when I was in high school, we started shopping for dresses early and my friend spends gobs of money on them. Seems it may do ok for a secondary niche site. Thoughts?
As always, the key is keyword research. The question is are people searching on like for prom dress stuff and do they buy on line. I’d also look into pintrest. I bet there is ton’s of prom dress traffic there.