In a massive cyber attack, hackers have targeted more than 1.6 million WordPress sites.

Wordfence, a cyber security firm, claims to have discovered an ongoing wave of attacks originating from over 16,000 different IP addresses.

According to the Wordfence Threat Intelligence Team, an uptick in attacks has occurred in the last 36 hours, focusing on security flaws in four WordPress plugins and 15 Epsilon Framework themes.

So far, Wordfence claims to have blocked over 13.7 million attacks.

Kiwi Social Share, WordPress Automatic, Pinterest Automatic, and PublishPress Capabilities are the four plugins being targeted.

According to Computing, the plugins are vulnerable to "Unauthenticated Arbitrary Options update" vulnerabilities.

Hackers are also using a "Function Injection" flaw in 15 Epsilon Framework themes to update arbitrary options, according to reports.

There is currently no patch for one of the 15 themes.

The following Epsilon Framework themes and versions are being targeted:

In most cases, the hackers change the "users_can_register" option to "enabled" and the "default_role" option to "administrator," according to Wordfence analysts.

This allows hackers to take control of a website by registering as an administrator.

The following are the top three offending IPs:

Website administrators are urged to review all users and look for any unauthorised accounts to see if their site has already been hacked.

Any rogue additions should be removed as soon as possible by administrators.

They should also check the site's settings at 'http://examplesite[.]com/wp-admin/options-general.php' to ensure that the Membership setting and the 'New User Default Role' are set correctly.

Additionally, all WordPress plugins and themes should be updated as soon as possible.
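The review described above can also be run against an export of the site's database. The following is an added example, not code from Wordfence or the original article: it checks the two options the attackers reportedly change and lists administrator accounts created since a chosen date. It assumes the default "wp_" table prefix and that "enabled" is stored as "1"; all sample rows are constructed.

```python
import re
from datetime import datetime

# Constructed sample rows, shaped like exports of wp_options, wp_users and
# wp_usermeta (default "wp_" table prefix is an assumption).
OPTIONS = {"users_can_register": "1", "default_role": "administrator"}
USERS = [
    {"ID": 1, "user_login": "siteowner", "user_registered": "2019-03-02 10:15:00"},
    {"ID": 7, "user_login": "editor_amy", "user_registered": "2020-06-11 08:00:00"},
    {"ID": 42, "user_login": "wpsvc_9431", "user_registered": "2021-12-09 03:12:44"},
]
USERMETA = [
    {"user_id": 1, "meta_key": "wp_capabilities", "meta_value": 'a:1:{s:13:"administrator";b:1;}'},
    {"user_id": 7, "meta_key": "wp_capabilities", "meta_value": 'a:1:{s:6:"editor";b:1;}'},
    {"user_id": 42, "meta_key": "wp_capabilities", "meta_value": 'a:1:{s:13:"administrator";b:1;}'},
]

# Role names granted (value b:1) inside the PHP-serialized capabilities array.
ROLE_RE = re.compile(r's:\d+:"([^"]+)";b:1;')

def audit_options(options):
    """Return findings for the two options the attackers were reported to change."""
    findings = []
    if str(options.get("users_can_register", "0")) == "1":
        findings.append("users_can_register is enabled: anyone can create an account")
    role = options.get("default_role", "subscriber")
    if role != "subscriber":  # WordPress ships with 'subscriber' as the default
        findings.append(f"default_role is '{role}': new accounts get more than subscriber rights")
    return findings

def admins_created_since(users, usermeta, since):
    """List administrator logins registered on or after `since` for manual review."""
    cutoff = datetime.strptime(since, "%Y-%m-%d")
    roles = {m["user_id"]: set(ROLE_RE.findall(m["meta_value"]))
             for m in usermeta if m["meta_key"].endswith("capabilities")}
    return [u["user_login"] for u in users
            if "administrator" in roles.get(u["ID"], set())
            and datetime.strptime(u["user_registered"], "%Y-%m-%d %H:%M:%S") >= cutoff]

if __name__ == "__main__":
    for line in audit_options(OPTIONS):
        print("FINDING:", line)
    print("Review:", admins_created_since(USERS, USERMETA, "2021-12-01"))
```

A site that intentionally uses a different default role, such as a membership site, will be flagged by the second check and should be judged by its owner.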

Cybercriminals inserted code into websites that redirected users to a malicious website.

Hackers used a flaw in the Social Warfare plugin to attack websites in the same year.

Criminals injected JavaScript code into social sharing buttons on a website's posts.

In 2017, it was discovered that a popular WordPress plug-in, which had been installed on around 300,000 websites, had been infected with malicious code, allowing hackers to gain access to them.

Last month, hackers broke into GoDaddy's servers, gaining access to the data of nearly 1.2 million active and inactive Managed WordPress customers.

The criminal was able to see their customer numbers, email addresses, passwords for the secure file transfer protocol and database, as well as database usernames for active customers, as a result of the attack.
