ISLAMABAD – Million of WordPress accounts and websites were targeted in thelast 24 hours as part of a major cyber attack with the aim of obtainingcredentials and other sensitive data.
The hackers behind the attack were trying to download a specific filecalled wp-config.php from WordPress websites since they contain crucialinformation such as database credentials, connection info, authenticationunique keys, salts, and more.
They tried to exploit vulnerabilities in WordPress plugins and themes suchas cross-site scripting (XSS). This was done to gain access to credentialsand ultimately take over the websites completely. However, QA engineer andthreat analyst Ram Gall explained in a blog post how the attackers failedto do so thanks to the Wordfence Firewall.
Between May 29 and May 31, 2020, the Wordfence Firewall blocked over 130million attacks intended to harvest database credentials from 1.3 millionsites by downloading their configuration files. The peak of this attackcampaign occurred on May 30, 2020. At this point, attacks from thiscampaign accounted for 75% of all attempted exploits of plugin and themevulnerabilities across the WordPress ecosystem.
Read Top Stories
Security researchers at WordFence were able to link this attack to aprevious one where hackers with 20,000 different IPs tried to installbackdoors and redirect users to malicious websites. They launched nearly 20million attacks on over hundred of thousands of websites.
As with every other hacking case, WordPress site owners can protect theirplatforms by keeping their plugins and themes up to date by applying thelatest patches released by creators. Outdated themes and plugins shouldalso be removed for the sake of security since they are no longermaintained.
