A report from cybersecurity firm Wordfence said cybercriminals tried to hack nearly one million WordPress sites in the last week. Hackers launched attacks from 24,000 different IP addresses and tried to break into more than 900,000 WordPress sites.
Firms Puzzled about Solving the “Reasonable” Issues
Hackers were engaged in the attack since April 28, 2020, causing a 30 times increase in the volume of attack traffic. The group launched more than 20 million hacking attempts against half a million domains on May 3, 2020. Attackers largely abused cross-site scripting (XSS) vulnerabilities to inject malicious JavaScript code on websites and redirect them to malicious sites.
Source: https://www.cisomag.com/wordfence-wordpress-sites-hacked/