Millions of WordPress sites are under attack
Defiant, the company behind Wordfence, said millions of WordPress sites were attacked this week.
The attack escalated sharply once attackers began exploiting a vulnerability in File Manager, a popular WordPress plugin installed on more than 700,000 websites.
The vulnerability is an unauthenticated arbitrary file upload: it allows attackers to upload malicious files to any site running an outdated version of the File Manager plugin.
It is unknown how the attackers discovered the vulnerability, but earlier this week they started scanning for websites with the plugin installed.
When a scan finds one, the attacker exploits the vulnerability to upload a script hidden inside an image file to the victim's server. The attacker then requests that script, gaining a foothold on the site and enrolling it in a botnet.
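The upload-then-execute chain described above leaves a concrete trace on disk: a file under the uploads directory that carries an image name but contains PHP. The script below is an added example written for this article; it is not code from the article, from Defiant/Wordfence, or from the File Manager plugin. It assumes the usual wp-content/uploads layout, that nothing under uploads should ever be executable PHP, and that the server would execute the extensions listed in PHP_EXTENSIONS; the sample files it writes are constructed stand-ins, not real captures.

```python
"""Scan a WordPress uploads tree for scripts hidden behind image names.

Added example for this article; it is not code from the article, from
Defiant/Wordfence, or from the File Manager plugin. It assumes the usual
wp-content/uploads layout and that nothing under uploads should ever be
PHP. Three checks are applied to every file:
  1. a PHP-executable extension anywhere in the uploads tree,
  2. a file whose leading bytes do not match its image extension,
  3. a PHP open tag anywhere in the first MAX_READ bytes of an image.
"""
import os
import re
import tempfile

# Magic bytes for the image types commonly allowed in WordPress uploads.
IMAGE_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
# Extensions a typical Apache/PHP-FPM setup would execute (assumption).
PHP_EXTENSIONS = {".php", ".phtml", ".php5", ".php7", ".phar"}
# "<?php" or the short echo tag "<?=".
PHP_TAG = re.compile(rb"<\?(?:php\b|=)", re.IGNORECASE)
MAX_READ = 1 << 20  # inspect at most 1 MiB per file (assumption)


def inspect_file(path):
    """Return the list of reasons this file is suspicious; empty if clean."""
    ext = os.path.splitext(path)[1].lower()
    reasons = []
    if ext in PHP_EXTENSIONS:
        reasons.append("php-extension-in-uploads")
    with open(path, "rb") as fh:
        head = fh.read(MAX_READ)
    if ext in IMAGE_MAGIC:
        if not head.startswith(IMAGE_MAGIC[ext]):
            reasons.append("magic-bytes-mismatch")
        if PHP_TAG.search(head):
            reasons.append("php-code-in-image")
    return reasons


def scan_uploads(root):
    """Walk root; map each suspicious file (relative, '/'-separated) to its reasons."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            reasons = inspect_file(full)
            if reasons:
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                findings[rel] = reasons
    return findings


def build_sample_tree(root):
    """Write constructed sample files (not real captures) under root/2020/09."""
    d = os.path.join(root, "2020", "09")
    os.makedirs(d, exist_ok=True)
    payload = b"<?php /* constructed stand-in for a web shell */ echo 1; ?>"
    samples = {
        "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 64,  # clean JPEG stub
        "banner.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16 + payload,  # script appended to a JPEG
        "icon.png": payload,  # plain PHP renamed to .png
        "cache.php": payload,  # PHP dropped directly into uploads
    }
    for name, data in samples.items():
        with open(os.path.join(d, name), "wb") as fh:
            fh.write(data)


def run_demo():
    """Build the sample tree in a temporary directory and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return scan_uploads(tmp)


if __name__ == "__main__":
    for path, reasons in sorted(run_demo().items()):
        print(path, ", ".join(reasons))
```

Run it against the real uploads directory with `scan_uploads("/var/www/html/wp-content/uploads")`. Treat each hit as a lead rather than a verdict: image metadata can in rare cases contain the bytes "<?php", so "php-code-in-image" deserves a manual look, whereas "php-extension-in-uploads" is almost always wrong on a WordPress install. The scan is a post-incident check only; the durable fixes are updating the plugin and configuring the web server so that nothing under uploads is ever executed as PHP.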
Threat analyst Ram Gal said, "The attacks on this vulnerability have increased dramatically in the past few days."
The attacks started slowly but ramped up within a week: on Friday, September 4 alone, Defiant recorded one million attack attempts against WordPress sites.
Since first detecting the attacks on September 1, Defiant has blocked exploit attempts against a total of 1.7 million websites.
That 1.7 million figure is more than half of all WordPress sites running Wordfence.
Gal estimates that the true scope of the attack is far larger than these numbers show, since WordPress runs on hundreds of millions of websites that attackers can progressively scan and compromise.
The File Manager developers released a patch the same day they learned of the attacks. Some site owners installed the update, but many others have not.
Slow patching of this kind is what recently prompted the WordPress development team to add automatic updates for themes and plugins.
Starting with WordPress 5.5, released last month, site owners can configure individual plugins and themes to update automatically whenever a new release is published, so that the site is always running the latest version and is protected against attacks on vulnerabilities that have already been fixed.