Security News > 2020 > June > Hackers Attempted to Steal Credentials From Millions of WordPress Websites
Over a period of just a few days in late May, malicious actors attempted to steal database credentials from millions of WordPress websites by exploiting known vulnerabilities in themes and plugins.
According to WordPress security company Defiant, its firewall blocked more than 130 million attempts to collect database credentials from 1.3 million sites between May 29 and May 31.
An analysis of the attack showed that exploitation attempts originated from more than 20,000 IP addresses, the same IPs that were behind another recent large-scale campaign that targeted 1.3 million WordPress websites protected by Defiant's Wordfence solution.
The more recent attack targeted nearly one million websites that were not targeted in the previous operation.
The company has published indicators of compromise and provided recommendations on how administrators can protect their WordPress websites against such attacks.