WordPress websites are at threat. Cyberattackers are targeting by using admin accounts. It started last month, reveals a finding from Wordfence security researchers.
The research has discovered vulnerabilities in WordPress plugins. Melicious JavaSript are being injected and visitors are redirected to potentially harmful content like fraudulent sites and malware droppers.
According to Wordfence, the attacks are originating from various IP adresses linked to web hosting providers.
Wordfence’s Mikey Veenstra said, “The IP address in question is 18.104.22.168, a Rackspace server currently hosting some presumably compromised websites. We have reached out to Rackspace to inform them of this activity, in hopes that they will take action in preventing further attacks from their network. We have not yet heard back.”
A suggestion has come up from the research firm. In a blog post it writes, “As always, updating the plugins and themes on your WordPress site is an excellent layer of defense against campaigns like these. Check your site for needed updates frequently to ensure you’re receiving the latest patches as they’re released. Wordfence users periodically receive emails informing them when updates are available as well.”
The firm adds that one IP address is much in question. It is 22.214.171.124 and presently hosting couple of compromised websites. Owner of the IP address has been informed and action to prevent further cyberattacks is awaited.