Around 16,000 IPs are being used in a number of attacks on more than 1.6 million WordPress sites, according to Wordfence security researchers. The attacks originate from 16,000 IP addresses and target four WordPress plugins and 15 Epsilon Framework themes.
According to experts, attackers first enable option “users_can_register” and then change “default_role” option to the administrator. After that, they can just log in as an administrator on any website and take control of it.
Whether a site’s security has been hacked, administrators can check the site’s user accounts to see if unauthorized individuals have created any accounts. For example, the appearance of a rogue user account indicates that any of these plugins or themes have been hacked.
In addition, to overcome such dangerous attacks, removing and updating your plugins and themes is advised by the security experts.
#WordPress #hacked #cybersecurirt #news
