The Defiant Threat Intelligence team recently began tracking the behavior of an organised brute force attack campaign against WordPress sites. The hackers have created a botnet of infected WordPress websites to perform their attacks. The bots attempt to gain access to privileged WordPress accounts.
Five million attempts in 30 days!
In the last 30 days alone, the Wordfence plugin has blocked more than five million malicious authentication attempts associated with this attack campaign.
The requests pass through proxy servers and are sent to over 20,000 infected WordPress sites. Those sites run an attack script that attacks targeted WordPress sites. The diagram below illustrates the attack chain.
What Should Site Owners Do?
To protect your website from potential threats, implement restrictions and lockouts for failed logins.
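Because the attempts described above come from a botnet of many infected sites, a lockout that counts failures only per source IP can miss guesses spread across many addresses. The following is an added example, not code from the original article or from Wordfence; the class name, thresholds and sample addresses are assumptions. It counts failed logins per IP and per username over a sliding window.

```python
# Added illustration: all names, limits and addresses here are hypothetical.
import time
from collections import defaultdict, deque

class LoginThrottle:
    """Sliding-window failed-login lockout keyed by source IP and by username."""

    def __init__(self, ip_limit=5, user_limit=10, window=600, lockout=1800):
        self.ip_limit, self.user_limit = ip_limit, user_limit
        self.window, self.lockout = window, lockout   # both in seconds
        self.failures = defaultdict(deque)   # key -> timestamps of recent failures
        self.locked_until = {}               # key -> time the lockout expires

    def _keys(self, ip, username):
        # Normalise the username so "Admin" and "admin " share one counter.
        return ("ip", ip), ("user", username.strip().lower())

    def is_locked(self, ip, username, now=None):
        now = time.time() if now is None else now
        return any(self.locked_until.get(k, 0) > now for k in self._keys(ip, username))

    def record_failure(self, ip, username, now=None):
        now = time.time() if now is None else now
        limits = (self.ip_limit, self.user_limit)
        for key, limit in zip(self._keys(ip, username), limits):
            q = self.failures[key]
            q.append(now)
            while q and q[0] <= now - self.window:   # drop failures outside the window
                q.popleft()
            if len(q) >= limit:                      # threshold reached: start lockout
                self.locked_until[key] = now + self.lockout
                q.clear()

def simulate_distributed_attack(throttle, bots=40, target="admin"):
    """Constructed traffic: each bot IP sends ONE bad password for the same account."""
    blocked = 0
    for i in range(bots):
        ip, now = f"203.0.113.{i + 1}", 1000.0 + i   # TEST-NET-3 addresses, 1 s apart
        if throttle.is_locked(ip, target, now):      # rejected before any password check
            blocked += 1
        else:
            throttle.record_failure(ip, target, now)
    return blocked
```

With the default limits the account counter stops the constructed 40-address run after ten failures, while a per-IP-only policy blocks none of it. An account-level lockout also blocks the legitimate owner while it is active, so keep its duration short or exempt trusted addresses.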
The Wordfence plugin's features help protect your website. For Premium Wordfence users with access to the real-time IP blacklist, the IPs launching the attacks are blocked automatically.
If you believe your site could be infected, please consider making use of EasyClick Studio specialist or cleaning services. We will help you with your website security and search engine visibility.