Skip to main content
  1. Home
  2. Computing
  3. News

With 20,000 sites swallowed up, a botnet is eating WordPress alive

By
Image used with permission by copyright holder

Hackers controlling a “botnet” of over 20,000 infected WordPress sites are attacking other WordPress sites, according to a report from The Defiant Threat Intelligence team. The botnets attempted to generate up to five million malicious WordPress logins within the past thirty days.

Per the report, the hackers behind this attack are using four command and control servers to send requests to over 14,000 proxy servers from a Russian provider. Those proxies are then used to anonymize traffic and send instructions and a script to the infected WordPress “slave” sites concerning which of the other WordPress sites to eventually target. The servers behind the attack are still online, and primarily target the XML-RPC interface of WordPress to try out a combination of usernames and passwords for admin logins.

Recommended Videos

“The wordlists associated with this campaign contain small sets of very common passwords. However, the script includes functionality to dynamically generate appropriate passwords based on common patterns … While this tactic is unlikely to succeed on any one given site, it can be very effective when used at scale across a large number of targets,” explains The Defiant Threat Intelligence team.

Please enable Javascript to view this content

Attacks on the XML-RPC interface aren’t new and date back to 2015. If you’re concerned that your WordPress account might be impacted by this attack, The Defiant Threat Intelligence team reports that it is best to enable restrictions and lockouts for failed logins. You also can consider using WordPress plugins which protect against brute force attacks, such as the Wordfence plugin.

The Defiant Threat Intelligence team has shared information on the attacks with law enforcement authorities. Unfortunately, ZDNet reports that the four command and control servers can’t be taken offline because they are hosted on a provider that doesn’t honor takedown requests. Still, researchers will be contacting hosting providers identified with the infected slave sites to try and limit the scope of the attack.

Some data has been omitted from the original report on this attack because it can be exploited by others. The use of the proxies also makes it hard to find the location of the attacks, but the attacker made mistakes which allowed researchers to access the interface of the command and control servers behind the attack. All of this information is being deemed as “a great deal of valuable data” for investigators.

Editors’ Recommendations

Topics
Arif Bacchus
Arif Bacchus
Former Digital Trends Contributor
Arif Bacchus is a native New Yorker and a fan of all things technology. Arif works as a freelance writer at Digital Trends…
New Mac Studio release date, price and everything you need to know
Apple Mac Studio with M4 Max and M3 Ultra chips and two Apple Studio Display monitors.

The Apple Mac Studio has always packed a ton of power into a very diminutive block of what feels a lot like solid aluminum. It's designed to look like it's floating in air, and the majority of its ports are in the back and out of the way. There's simply no other desktop machine that takes up so little space and, frankly, looks so great on your desk.

The new model maintains all the best characteristics that makes it one of the best desktops while dramatically increasing the power. The previous generation hadn't yet received the faster GPU and Neural Engine performance, and that's now on tap. It's more expensive than ever, but if you need it, then it looks like it will deliver.
Release date and price
The new Mac Studio was announced on March 5, 2025, and will be available starting on March 12, 2025. That's earlier than many predictions, and very soon after its announcement.

Read more
The new Mac Studio absolutely baffles me in one key way
Apple Mac Studio with M4 Max and M3 Ultra chips and two Apple Studio Display monitors.

Way back when Steve Jobs returned to Apple and saved it from bankruptcy, he implemented his famous product quadrant: Apple should have desktops and laptops for consumers and professionals. These four categories should contain just one of the best Macs each -- no more, no less.

The idea was that you should be able to instantly differentiate each device and know who it’s for and what it does, and it worked incredibly effectively. Yet when I look at the new Mac Studio that Apple unveiled today, I get the feeling that Steve Jobs would be most displeased.

Read more
Google AI Mode will reinvent Search. I’m worried — and you should be, too
Google AI Mode for Search.

Google is pushing forward with more AI into how internet search works. Remember AI Overviews, which essentially summarizes the content pulled from websites, and presents it at the top of the Google Search page?

That error-prone feature is now expanding to the US market, powered by the new Gemini 2.0 AI models. It no longer requires a Google account sign-in, and has opened to users across all age groups. While that is a risky move in itself, Google is giving a similar blanket treatment to the whole Search page with a new AI Mode.

Read more