On June 3, 2020, Wordfence, a popular WordPress security provider, reported that a large-scale attack was carried out against over 1.3 million WordPress websites and that the total number of attacks exceeded 130 million. Unfortunately, these numbers cover only the attacks Wordfence knows about because its firewall blocked them, so the cumulative number of attacks is sure to be much higher.

Image Courtesy of Wordfence

What happened?

Wordfence was able to determine that these attacks were carried out by the same attackers who launched a similar attack in May of 2020. Though the vulnerabilities used were different, the same IP addresses were used to carry out the attack by injecting malicious code using Cross-site Scripting (XSS). Typically, XSS attacks try to take advantage of outdated code that is present on a site in outdated theme and plugin files.

What was their goal?

Through the XSS, the attackers were trying to leverage vulnerabilities to gain access to a site’s wp-config.php file and download it. This file is critical to all WordPress installations, and it contains database names and credentials along with connection information. If an attacker gains access to this file, they can use it to gain access to a site’s databases, which is where the site stores content and user information.

What should you do?

If you think you may have been affected by this attack, you should change your database passwords immediately. If you are unsure how to make these changes, please reach out to a professional for assistance. If your site was using Wordfence, or perhaps a different firewall provider, check your logs to ensure these attacks were blocked.
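One way to run that log check, as an added example (not code from Wordfence or from this post): a Python scan of web server access logs in combined log format for requests whose URL references wp-config.php, reporting whether each one was refused or answered with content. The log lines, IP addresses, plugin and theme paths, and parameter names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Combined log format: ip - - [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def fully_decode(target, max_rounds=3):
    """Undo repeated percent-encoding so encoded file names still match."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def find_wp_config_requests(lines):
    """Return one dict per request whose decoded URL mentions wp-config.php."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        if "wp-config.php" not in fully_decode(m["target"]).lower():
            continue
        status = int(m["status"])
        size = 0 if m["size"] == "-" else int(m["size"])
        # A 2xx reply with a body means content was returned: review it first.
        served = 200 <= status < 300 and size > 0
        hits.append({"ip": m["ip"], "time": m["time"], "status": status, "size": size,
                     "outcome": "SERVED" if served else "blocked-or-empty"})
    return hits

# Constructed sample lines (documentation IPs, hypothetical plugin/theme paths).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jun/2020:10:15:02 +0000] "GET /wp-content/plugins/example-plugin/download.php?file=wp-config.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jun/2020:10:15:04 +0000] "GET /wp-content/themes/example-theme/get.php?f=wp%252Dconfig.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [01/Jun/2020:10:16:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [01/Jun/2020:10:17:30 +0000] "GET /wp-config.php HTTP/1.1" 200 0 "-" "curl/7.68.0"',
]

if __name__ == "__main__":
    for hit in find_wp_config_requests(SAMPLE_LOG):
        print(f'{hit["time"]} {hit["ip"]} {hit["status"]} {hit["size"]}B {hit["outcome"]}')
```

A SERVED hit is a reason to change the database password right away, although a 200 response with a body can also be a firewall block page, so confirm what was actually returned.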

How can you prevent these attacks in the future?

First and foremost, leveraging a firewall provider, such as Wordfence, is a great first step in securing your website. In addition, you should be sure to keep all files up to date and reduce your attack surface by removing any unused plugins or themes. If you need assistance, I offer monthly care packages in which I ensure all tools are updated accordingly as well as offering backup & restore services. There are quite a few other features I offer with these packages, so please contact me if you have any questions.