
A few days back, millions of WordPress accounts and websites were targeted in a major cyber-attack. The attackers' purpose was to obtain credentials and other sensitive data.

The attackers specifically tried to download wp-config.php from WordPress websites, as it contains very sensitive information such as database credentials, connection info, authentication unique keys, and more.

Hackers tried to exploit vulnerabilities, such as cross-site scripting (XSS), in WordPress themes and plugins. This was done to gain access to credentials and ultimately take over the websites completely. However, QA engineer and threat analyst Ram Gall explained in a blog post how the attackers failed to do so, thanks to the WordFence Firewall.

Between May 29 and May 31, 2020, the WordFence Firewall blocked over 130 million attacks intended to harvest database credentials from 1.3 million sites by downloading their configuration files. The peak of this attack campaign occurred on May 30, 2020. At this point, attacks from this campaign accounted for 75% of all attempted exploits of plugin and theme vulnerabilities across the WordPress ecosystem.

Security researchers at WordFence (a firewall solution) were able to link this attack to a previous one in which hackers using 20,000 different IPs tried to install backdoors and redirect users to malicious websites. They had launched nearly 20 million attacks on hundreds of thousands of websites.

As with every other hacking case, WordPress site owners can protect their platforms by keeping their plugins and themes up to date with the latest patches released by their creators. Outdated themes and plugins should also be removed for the sake of security since they are no longer maintained.
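
Site owners can also check whether their own site was probed by searching the web server access log for requests that name wp-config.php. The script below is an added example, not code from the original article or from WordFence; it assumes the Combined Log Format, and the log lines, IP addresses and plugin path in it are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Combined Log Format: ip - - [time] "METHOD target HTTP/x" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) (\S+)')

def decode_fully(target, max_rounds=3):
    """Percent-decode repeatedly so double-encoded file names are still seen."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def find_config_probes(lines):
    """Return {ip: [(target, status, served), ...]} for requests naming wp-config.php."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, _method, target, status, size = m.groups()
        if "wp-config.php" not in decode_fully(target).lower():
            continue
        # A 200 with a non-empty body means the server returned content.
        # Treat it as possible disclosure: review it, then rotate secrets.
        served = status == "200" and size.isdigit() and int(size) > 0
        hits[ip].append((target, int(status), served))
    return dict(hits)

# Constructed sample log lines (documentation IPs, hypothetical plugin path).
SAMPLE_LOG = [
    '203.0.113.7 - - [30/May/2020:10:01:02 +0000] "GET /wp-content/plugins/example-plugin/export.php?file=wp-config.php HTTP/1.1" 403 162 "-" "-"',
    '203.0.113.7 - - [30/May/2020:10:01:03 +0000] "GET /?download=wp%2Dconfig%2Ephp HTTP/1.1" 200 3120 "-" "-"',
    '198.51.100.9 - - [30/May/2020:10:02:00 +0000] "GET /blog/hello-world/ HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.22 - - [30/May/2020:10:03:10 +0000] "GET /x.php?f=wp%252Dconfig.php HTTP/1.1" 404 0 "-" "-"',
]

if __name__ == "__main__":
    for ip, reqs in find_config_probes(SAMPLE_LOG).items():
        for target, status, served in reqs:
            flag = "POSSIBLE DISCLOSURE" if served else "probe"
            print(f"{ip} {status} {flag} {target}")
```

Any request flagged as possible disclosure is a reason to change the database password and regenerate the authentication keys stored in wp-config.php.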
