WordPress Hackers Hit 900,000 Sites in a Week

Share Article
In Brief
  • New reports by cybersecurity firm Wordfence, revealed one of the biggest attacks in 2020.

  • The attacks came from a hacking group that targeted WordPress websites.

  • The attackers targeted nearly a million websites.

  • promo

    Free Cloud Mining Providers to Mine Bitcoin in 2021

The Trust Project is an international consortium of news organizations building standards of transparency.

A new wave of hacks has struck nearly a million WordPress websites in a single week in late April and early May.

Sponsored



Sponsored

For months now, news of WordPress websites being flawed or targeted by attacks has been making headlines. Last week, however, an attack that dwarfed all others took place.

900,000 WordPress Websites Hit

According to recent reports, the new attacks were suspected to be a result of a single cybercrime group. The attacks lasted for approximately seven days and affected upwards of 900,000 sites.

Sponsored



Sponsored

Wordfence reported that the band of hackers conducted a week-long attack that caused a massive surge in bad traffic.

The attacks started on April 28 and reached a peak on May 3. Originally, the attackers attempted to exploit flaws found in XSS (cross-site scripting). Their goal was to install malicious JavaScript code in order to redirect new incoming traffic to other websites that contained malware.

They also hit vulnerable plugins, while some attacks revolved around breaching WordPress sites through scams and malicious plugins.

New Attacks may be Coming

The attacks are certainly sophisticated enough, and Wordfence suspects that the attackers may even develop new exploits. That way, they could try to take advantage of other flaws and vulnerabilities that have yet to emerge.

Meanwhile, anyone who owns a WordPress website is advised to take necessary precautions as soon as possible. That includes updating all plugins, themes, and even installing a WAF (Website Application Firewall).

There is no certainty as to where or when the attackers might strike next, and reacting after the attack takes place is usually too late.

As mentioned, there are plenty of past reports that revealed what kinds of approaches hackers were using. One example is exploiting zero-days in WordPress plugins. Another incident saw hackers exploiting other vulnerabilities that led to the hijacking of e-learning platforms.

Disclaimer

All the information contained on our website is published in good faith and for general information purposes only. Any action the reader takes upon the information found on our website is strictly at their own risk.
Sponsored
Share Article

Related topics

Ali is a freelance journalist, having 7 years of experience in web journalism and marketing. He contributes to various online publications. Ali holds a master degree in finance and enjoys writing about cryptocurrencies and fintech. Ali's work has been published on a number of well-known publications in crypto and cybersecurity niches. When he is not working, he loves traveling and playing games.

Follow Author

Crypto predictions with the Best Telegram Signal with +70% accuracy!

Join now

Free Cloud Mining Providers to Mine Bitcoin in 2021

Go

How To Mine Cryptocurrency: Beginner’s Guide

Let's Go