The reputed security firm WordPress, dealing with site security solutions have uncovered an attack on nearly 20,000 WordPress sites. These sites have been coded into attack bots and are initiated to attack other sites. This is a part of a big malware and hacking chain which should be a concern for internet security worldwide.
Hackers broke into secure Russian Servers using almost 15,000 Russian Proxy Sites using Command to Control method. The C2 Servers helped to hack into those 20,000 WordPress sites and turn them into “attack bots”.
Fortunately, WordPress was able to detect IPs and modules used by the miscreants from their background attack script. Authorities claim to have blocked the responsible sites using Brute Force Protection techniques and secure firewall systems. More than 5 million authentication attempts by these attackers have been reported by WordPress. Thankfully, none of them could be penetrated due to timely response and detection by WordPress.
WordPress is now concentrating on reducing Plugin bugs and strengthening servers so that sites continue using WordPress to customize their websites and data.