WordPress Sites Under Constant Attack

WordPress sites pages suffer 30 times more attacks than average, as Defiant reports. Attack attempts have been made on more than 900,000 websites since 28 April 2020.

What is happening?

Many attacks are accused of being carried out by the same threat actor. The same community can also exploit older established vulnerabilities in WordPress. On 3 May, there were over 20 million attacks on 500,000 sites. Around 24,000 separate IP addresses that tried to initiate attacks have been identified since last month.

The current situation

• The attacks that exploit XSS vulnerabilities rely primarily on planting a loophole on target pages. A malicious JavaScript can be attached to each page on the web.
• For non-XSS threats, users are attempted by modifying the URL of the web home page to the same malvertising program.

What the experts are saying

• Ram Gall, a Defiant QA programmer, said that the range and frequency of attacks make it clear that this is not a coordinated operation. Monetization appears to be the only justification behind this movement.
• Defiant cautioned that this wide-ranging initiative could quickly switch to other objectives.
• WordPress plug-ins are a vital third-party attack, because more than 70% of the website’s scripts are third party.

What you can do

• Delete and deactivate the plug-ins that have been removed from the WordPress repositories. 
• Run a web application firewall. 

More insights

• Wordfence has provided IOCs that can be used by site managers to test whether they are attacked.
• Users of Wordfence are secured from XSS attacks.
• More than half of the attacks were triggered by the Easy2Map plugin which was removed last August from the registry. Most definitely this plugin is mounted on almost 3000 pages.

In essence

The takeaway is that all plug-ins should be updated. A layered security approach is the need of the hour.