Threat actors tried to hack nearly one million WordPress sites in the last week, according to a security alert issued by cybersecurity firm Wordfence. The threat intelligence team at Wordfence stated that hackers launched attacks from 24,000 different IP addresses and tried to break into more than 900,000 WordPress sites.
“We found that this threat actor was also attacking other vulnerabilities, primarily older vulnerabilities allowing them to change a site’s home URL to the same domain used in the XSS payload in order to redirect visitors to malvertising sites,” Wordfence’s security team said.
Indicators of Compromise
Wordfence also listed the top 10 IP addresses performing these attacks to help users to monitor their sites. These include:
“As these attacks appear to be targeted at vulnerabilities that have been patched for months or years, both Wordfence Premium and free Wordfence users should be protected,” the team added.
Wordfence urged users to update their website plugins and deactivate any plugins that have been removed from the WordPress plugin repository. “We did not see any attacks that would be effective against the latest versions of any currently available plugins, running a Web Application Firewall can also help protect your site against any vulnerabilities that might have not yet been patched,” it added.
An earlier independent study from WPScan stated that WordPress plugins are the biggest source of vulnerabilities and data breaches. It accounts to 54% of the global WordPress vulnerabilities count.