Warnings Issued As 1.6m WordPress Sites Targeted In Cyber Attack

Cybercriminals have targeted over 1.6 million WordPress sites in a massive attack. Researchers at cybersecurity firm Wordfence say they have detected an ongoing wave of attacks originating from more than 16,000 different IP addresses.

Tech Radar reports that the Wordfence Threat Intelligence team saw the surge in attacks over a 36-hour period, and that it targets security flaws in four WordPress plugins and 15 Epsilon Framework themes.

Wordfence claims to have blocked more than 13.7m attacks so far.

The four plugins being targeted are Kiwi Social Share, WordPress Automatic, Pinterest Automatic and PublishPress Capabilities.

According to the researchers, the plugins are affected by Unauthenticated Arbitrary Options Update vulnerabilities, and hackers are reported to be targeting a Function Injection flaw in 15 Epsilon Framework themes to update arbitrary options. One of the 15 themes currently does not have a patch available.

The targeted Epsilon Framework themes and vulnerable versions are:

Activello <=1.4.1

Allegiant <=1.2.5

Affluent <1.1.0

Shapely <=1.2.8

Antreas <=1.0.6

NewsMag <=2.4.1

Illdy <=2.1.6

Newspaper X <=1.3.1

MedZone Lite <=1.2.5

Pixova Lite <=2.0.6

Brilliance <=1.2.9

Transcend <=1.1.9

Regina Lite <=2.0.5

Bonkers <=1.0.

NatureMag Lite – No patch available (recommended to uninstall from site)

Analysts at Wordfence say that the hackers are changing the users_can_register option to enabled and setting the default_role option to administrator in the majority of cases. This allows the hackers to register as an administrator on a site and take it over.

The top three offending IPs include:

144.91.111.6 with 430,067 attacks blocked

185.9.156.158 with 277,111 attacks blocked

195.2.76.246 with 274,574 attacks blocked

Website admins are urged to check to see if their site has already been compromised by reviewing all users and searching for any unauthorised accounts, and they should delete any rogue additions as soon as possible.

It is also recommended to review the site's settings at ‘http://examplesite[.]com/wp-admin/options-general.php’ and make sure the Membership setting and ‘New User Default Role’ are properly set.

All plugins and themes on WordPress should also be updated as soon as possible.
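The checks described above can be scripted. The following is an added example, not code from Wordfence or from this article: it compares installed theme versions against the list above and flags the two option values the attackers change. Matching themes by lower-cased, hyphenated name and the sample inputs are assumptions made for the example.

```python
import re

# Bounds copied from the list above. None = flag at any version: NatureMag Lite has
# no patch; the page's bound for Bonkers is cut off, so it gets a manual check (assumption).
VULNERABLE = {
    "activello": ("<=", "1.4.1"), "allegiant": ("<=", "1.2.5"), "affluent": ("<", "1.1.0"),
    "shapely": ("<=", "1.2.8"), "antreas": ("<=", "1.0.6"), "newsmag": ("<=", "2.4.1"),
    "illdy": ("<=", "2.1.6"), "newspaper-x": ("<=", "1.3.1"), "medzone-lite": ("<=", "1.2.5"),
    "pixova-lite": ("<=", "2.0.6"), "brilliance": ("<=", "1.2.9"), "transcend": ("<=", "1.1.9"),
    "regina-lite": ("<=", "2.0.5"), "bonkers": None, "naturemag-lite": None,
}

def parse_version(text):
    """'1.4' -> (1, 4, 0); a suffix such as '-beta' is ignored."""
    nums = [int(n) for n in re.findall(r"\d+", text.split("-")[0])][:3]
    return tuple(nums + [0] * (3 - len(nums)))

def theme_findings(installed):
    """installed: {theme name or slug: version string}."""
    hits = []
    for name, version in installed.items():
        slug = name.strip().lower().replace(" ", "-")
        if slug not in VULNERABLE:
            continue
        if VULNERABLE[slug] is None:
            hits.append(f"{slug} {version}: no usable fixed version, review or remove")
            continue
        op, limit = VULNERABLE[slug]
        v, lim = parse_version(version), parse_version(limit)
        if v < lim or (op == "<=" and v == lim):
            hits.append(f"{slug} {version}: vulnerable ({op}{limit})")
    return hits

def option_findings(options):
    """options: users_can_register and default_role values from wp_options."""
    hits = []
    if str(options.get("users_can_register", "0")) == "1":
        hits.append("users_can_register is enabled")
    if options.get("default_role", "subscriber") == "administrator":
        hits.append("default_role is administrator")
    return hits

# Constructed sample input, not data from a real site.
SAMPLE_THEMES = {"Shapely": "1.2.8", "Affluent": "1.1.0", "Illdy": "2.1.7",
                 "NatureMag Lite": "1.0.4", "Newspaper X": "1.3"}
SAMPLE_OPTIONS = {"users_can_register": "1", "default_role": "administrator"}

if __name__ == "__main__":
    print("\n".join(theme_findings(SAMPLE_THEMES) + option_findings(SAMPLE_OPTIONS)))
```

Open registration on its own can be a deliberate setting; it is the combination with an administrator default role that matches the takeover pattern described above.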

In 2019, Mailgun's website was attacked by hackers who targeted a WordPress plugin called Yuzo Related Posts. Hackers added code into the sites which then redirected visitors to a malicious website.

Also in the same year, cybercriminals exploited a flaw in the plugin Social Warfare to attack websites and inject JavaScript code into the social sharing links present on a website's posts.

It was discovered in 2017 that a popular WordPress plug-in that had been installed on around 300,000 websites had been compromised with malicious code which opened a back door into the websites.

Attackers also breached the web-hosting firm GoDaddy in November and gained access to the information of nearly 1.2 million active and inactive Managed WordPress customers.

The attack allowed the criminal to view their customer numbers, email addresses as well as passwords for the secure file transfer protocol and database, as well as the database usernames for active customers.

 
