Hackers attack almost a million WordPress websites every month

After finding that attack traffic aimed at cross-site scripting (XSS) vulnerabilities had grown roughly 30-fold in a matter of weeks, security researchers are urging WordPress administrators to make sure every plugin on their sites is updated to the latest version.

According to Ram Gall, a security researcher at Wordfence, the surge in malicious WordPress traffic has peaked in the past few weeks. On May 3 alone, Wordfence counted more than 20 million attack attempts against more than 500,000 individual sites. Over the past month the company has recorded attacks on 900,000 sites, launched from 24,000 distinct IP addresses.

Simple Social Buttons vulnerability

In every case the attackers try to inject the same malicious JavaScript payload, which plants a backdoor on the victim site and redirects its visitors. The campaign exploits cross-site scripting vulnerabilities in the Easy2Map plugin, the Blog Designer plugin and the Newspaper theme, as well as options-update vulnerabilities (flaws that let an attacker modify the site's stored WordPress settings) in the WP GDPR Compliance plugin and the Total Donations plugin. Gall warns that the group behind these attacks is likely to move on to other WordPress vulnerabilities in the future.

The JavaScript payload in this wave first checks whether the visitor is logged in. Visitors who are not logged in are redirected to malicious URLs. If the visitor is logged in, the script instead uses that user's browser session to write a malicious PHP backdoor, together with a second malicious JavaScript, into the current theme's header file. Because editing theme files requires the rights of an administrator, the injection succeeds when an administrator views the infected page; from then on the attackers have remote control of the site.

The most important defence here is to keep every plugin and theme on its latest version, and to deactivate and delete any plugin that has been removed from the WordPress plugin repository, since a removed plugin no longer receives updates. The vast majority of these attacks target vulnerabilities that were patched months or even years ago.