Security News > 2020 > June > Botnet blasts WordPress sites with configuration download attacks
Security researchers at WordFence, a company that's focused on securing WordPress, have reported a burst of old-school attacks that are after your WordPress configuration data.
This file is located in the root of your WordPress file directory and contains your website's base configuration details, such as database connection information.
Normal WordPress requests received from outside are constrained to the part of your WordPress installation where your site data lives, so in theory it's impossible to construct a URL that reaches "Across and upwards" from the directory that holds your public data into the directory that holds your site's configuration files and internal data.
Researchers at WordFence say that over the past month they've seen close to a million different WordPress sites receive malicious requests designed to shake loose their wp-config.
Even with read access to your configuration file, a crook may be able to use the security information in it to get unauthorised access to your WordPress databases.
News URL
Related news
- 390,000 WordPress accounts stolen from hackers in supply chain attack (source)
- FICORA and Kaiten Botnets Exploit Old D-Link Vulnerabilities for Global Attacks (source)
- Malware botnets exploit outdated D-Link routers in recent attacks (source)
- Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks (source)
- WP3.XYZ malware attacks add rogue admins to 5,000+ WordPress sites (source)
- W3 Total Cache plugin flaw exposes 1 million WordPress sites to attacks (source)
- Mirai Botnet Launches Record 5.6 Tbps DDoS Attack with 13,000+ IoT Devices (source)
- Mirai botnet behind the largest DDoS attack to date (source)
- New Aquabot Botnet Exploits CVE-2024-41710 in Mitel Phones for DDoS Attacks (source)