HomeNewsLarge scale attack campaign targets WordPress sites’ database credentials

Large scale attack campaign targets WordPress sites’ database credentials

If you purchase via links on our reader-supported site, we may receive affiliate commissions.
cyberghost vpn ad

There have been reports that hackers tried to download configuration files from sites using WordPress to steal their database credentials.

Wordfence, a provider of web application firewall services (WAF) reported that about 130 million attacks directed at harvesting database credentials from 1.3 million sites by downloading their configuration files were blocked by Wordfence Firewall.

Protect your digital identity with OmniWatch – check out our OmniWatch review on this tool that removes your personal information from the dark web and data broker sites.

“Hackers started the attack since 30th of May 2020 becoming the peak of the attack campaign having recorded about 75% of the total attempt at exploiting the theme and plugin vulnerabilities all through the WordPress environment.” This was stated by Ram Gall, Wordfence QA engineer.

He emphasized the fact that the attacks were executed from a network of 20,000 different IP addresses with most having been previously deployed in an earlier large-scale campaign that also targeted WordPress sites early last month.

The earlier campaign similar in size saw the hackers deployed a batch of XSS (cross-site scripting) vulnerabilities and tried to attach malicious administrative users and backdoor on the targeted sites.

In a Wordfence-published report detailing part of a threat alert, it revealed that the config-jacking attacks are three times bigger than any other form of the attack recorded against WordPress sites. Both large-scale campaigns which are “considered” to be bigger than all other groups’ attacks put together are suspected to have been carried out by the same hacker.

Gall said, “the attack campaign aimed to use old exploits to export wp-config.php files from unpatched WordPress websites, extract database credentials from them, before using the usernames and passwords to hijack the databases.”

READ ALSO: WordPress malware pinpoints WooCommerce sites for Magecart attacks

The web application firewall services providers say that “Peradventure your server is configured to grant remote database access, a hacker with access to your database credentials can effortlessly add an administrative user to either siphon or delete vital data from your site”.

SecureBlitz advises that you get to change your database password by contacting your host company even if your site does not grant remote database access to avoid getting your sensitive data tampered with by an attacker that has gained access to your database credentials.


WordPress Hardening: 7 Ways to Harden your Website Security

Most Dangerous Websites You Should Avoid in 2020

Hacker leaks over 23 million user data on Webkinz World

How to Secure Your WordPress Website from Hackers

5 Most Common WordPress Attacks in 2020

Amaya Paucek
Amaya Paucek
Amaya Paucek is a professional with an MBA and practical experience in SEO and digital marketing. She is based in Philippines and specializes in helping businesses achieve their goals using her digital marketing skills. She is a keen observer of the ever-evolving digital landscape and looks forward to making a mark in the digital space.


Delete Me
Incogni Black Friday Ad
Heimdal Security ad


Please enter your comment!
Please enter your name here