Wordfence reports about a recent surge in cross-site scripting (XSS) attacks targeting approximately 900,000 WordPress websites. The attacks peaked at 30 times the typical daily volume between April 28, 2020, and May 3, 2020, and they are based on the exploitation of known and already fixed vulnerabilities. Wordfence has recorded a large scale of launching points, with 24,000 distinct IP addresses being involved in this campaign. A common indicator of compromise in all cases would be the “hjt689ig9” or “trackstatisticsss” strings, while the most active IP addresses were “184.108.40.206,” “220.127.116.11,” and “18.104.22.168.”
As it becomes obvious from the above, defending against this large-scale campaign would be as easy as updating all of your WordPress themes and plugins while also removing those that are no longer supported by their authors. Sure, this could affect their functionality, break something on the site, or deprive you of features that are no longer available in the newest versions. Still, these drawbacks aren’t enough to make risking your site’s security worth it.
World news – GB – A Surge in Attacks on WordPress Reminds Us Updates’ Importance