Hackers attacked 1.7 million sites running WordPress blogging software this week, cybersecurity firm reports Defiant. The company registered a million attempts to access WordPress sites on Friday alone.
Defiant discovered a leak in WordPress’s File Manager plugin on September 1. WordPress’ parent company immediately fixed the leak, but many website administrators have not yet installed the new update, Defiant said.
The company is responsible for Wordfence, a firewall for WordPress sites. At the beginning of this week, Defiant noticed that many attempts were made to access WordPress sites via the File Manager leak. The number of attempts then increased rapidly.
Not all WordPress sites use Wordfence. Defiant therefore suspects that the attack is much bigger. WordPress is the most widely used content management system in the world and is used on about 75 million websites.