Million of WordPress accounts and websites were targeted in the last 24 hours as part of a major cyber attack with the aim of obtaining credentials and other sensitive data.
The hackers behind the attack were trying to download a specific file called wp-config.php from WordPress websites since they contain crucial information such as database credentials, connection info, authentication unique keys, salts, and more.
They tried to exploit vulnerabilities in WordPress plugins and themes such as cross-site scripting (XSS). This was done to gain access to credentials and ultimately take over the websites completely. However, QA engineer and threat analyst Ram Gall explained in a blog post how the attackers failed to do so thanks to the Wordfence Firewall.
Security researchers at WordFence were able to link this attack to a previous one where hackers with 20,000 different IPs tried to install backdoors and redirect users to malicious websites. They launched nearly 20 million attacks on over hundred of thousands of websites.
As with every other hacking case, WordPress site owners can protect their platforms by keeping their plugins and themes up to date by applying the latest patches released by creators. Outdated themes and plugins should also be removed for the sake of security since they are no longer maintained.