A hacker group has attempted to hijack nearly one million WordPress sites in the last seven days, according to a security alert issued today by cyber-security firm Wordfence.
The company says that since April 28, this particular hacker group has engaged in a hacking campaign of massive proportions that caused a 30x uptick in the volume of attack traffic Wordfence has been tracking.
"While our records show that this threat actor may have sent out a smaller volume of attacks in the past, it's only in the past few days that they've truly ramped up," said Ram Gall, QA engineer at Wordfence.
Gall says the group launched attacks from across more than 24,000 distinct IP addresses and attempted to break into more than 900,000 WordPress sites.
The attacks peaked on Sunday, May 3, when the group launched more than 20 million exploitation attempts against half a million domains.
The malicious code also scanned incoming visitors for logged-in administrators and then attempted to automate the creation of backdoor accounts via the unsuspecting admin users.
Wordfence says the hackers used a broad spectrum of vulnerabilities for their attacks. The different techniques observed over the last week are detailed below:
However, Wordfence also warns that the threat actor is sophisticated enough to develop new exploits and is likely to pivot to other vulnerabilities in the future.
WordPress website owners are advised to update themes and plugins they have installed on their sites, and, optionally, install a website application firewall (WAF) plugin to block attacks, if they might get targeted.