130M Attacks Try to Steal Database Credentials from 1.3M WordPress Sites

130M Attacks Try to Steal Database Credentials from 1.3M WordPress Sites image

An unknown group of hackers is actively working on stealing WordPress database credentials from more than 1.3 million sites by downloading their configuration files. The used mechanism is to uncover unpatched versions of plugins that provide access to the wp-config.php file. Once they gain access to this file, they can use the contained information to take over the whole site.

Method of Infiltration: How the WordPress Blogs Are Hacked

The large-scale attack campaign depends on one of the most simple principles used by cybercriminals – the exploitation of unpatched software, which in WordPress-based sites means any installed plugins, themes, and the content management system.

The hackers typically do this by following either of these two approaches:

  1. Automatic Exploitation — This technique relies on web hacking toolkits that uncover outdated versions of plugins, themes, and WordPress installations. When such is found, they will use a suitable exploit to access the server file system and acquire the configuration file. The advantage of this method is that it can quickly enumerate a large number of sites.
  2. Manual Hacking — This approach relies on the criminals’ expertise to crack into a given WordPress site. Compared to the automated method, here, experienced criminals can be much more effective, as they can conduct prior research and possibly evade any security systems that might be placed.

As soon as the database credentials and configuration files are stolen, the hackers can access the contained within records. The username and password combinations of the affected users allow them to connect to the remote database and access all stored information in the site and effectively allow for an account overtake. When a database is accessed, the hackers will have the ability to browse all data belonging to all recorded users.


Also, Read What is wp-config.php (WordPress Configuration File)


The Large-Scale WordPress Attack and Its Implications

From there, various sabotage actions can occur, the most evident of which involves the complete removal of all web contents or the modification of data on attacked sites. Hackers with a specific plan can then lead to a so-called site defacement attack, where the replacement of all contents with a political message occurs. In these cases, the criminal groups may be motivated by a particular ideology or have been paid to do this by a state agency or competitor company.

Wordfence published statistics on the latest incident, citing a substantial increase in the number of exploit attempts against their clients. The guarded network was able to block more than 130 million hacking attempts. When the number accounted for other appliances, this has to lead to an estimate that more than 1.3 million WordPress sites have been targeted in this campaign alone.

The attacks started with a series of cross-site-scripting exploits, a common weakness that can be found among poorly designed plugins and themes. This allows hackers to trick the built-in scripts into executing code of their own choice, which leads to infiltration into the system.


Also, Read Be Warned: There’s A Surge in XSS Attacks against WordPress Sites


The campaign is overseen by an unknown hacking group which doesn’t show the motivations of the attackers. As of writing this article, no particular category of sites is focused on, meaning that the criminal group targets as many sites as possible.

In this situation, we at HowToHosting.Guide recommends that you patch your complete WordPress installation and watch out for any suspicious behavior.

Researched and created by:
Krum Popov
Passionate web entrepreneur, has been crafting web projects since 2007. In 2020, he founded HTH.Guide — a visionary platform dedicated to streamlining the search for the perfect web hosting solution. Read more...
Technically reviewed by:
Metodi Ivanov
Seasoned web development expert with 8+ years of experience, including specialized knowledge in hosting environments. His expertise guarantees that the content meets the highest standards in accuracy and aligns seamlessly with hosting technologies. Read more...

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree
At HTH.Guide, we offer transparent web hosting reviews, ensuring independence from external influences. Our evaluations are unbiased as we apply strict and consistent standards to all reviews.
While we may earn affiliate commissions from some of the companies featured, these commissions do not compromise the integrity of our reviews or influence our rankings.
The affiliate earnings contribute to covering account acquisition, testing expenses, maintenance, and development of our website and internal systems.
Trust HTH.Guide for reliable hosting insights and sincerity.