On Monday December 18, the preeminent WordPress security company Wordfence reported aggressive brute force attacks on WordPress websites. These attacks exceeded 14 million in a single hour and targeted more than 190,000 sites each hour.
After extensive digging, Wordfence had this to say about what the attack was all about:
To summarize, the attacker is leveraging sophisticated malware to control compromised WordPress servers remotely. The servers are being used to both attack other WordPress sites and to mine for Monero, a cryptocurrency that can be efficiently mined using web server hardware. We discovered evidence showing that the attacker has earned almost $100,000 from mining already, and likely quite a lot more.
The brute force attack came after 1.4 billion password credentials were leaked to dark web communities earlier this month. This attack reminds us all about the importance of updating passwords on a regular basis, as well as ensuring you host your website with a company that knows how to keep its clients protected.