image credit: Pxhere

Large-scale campaign targets configuration files from WordPress sites

June 4, 2020

Security researchers from WordFence have observed a large-scale campaign over the weekend aimed at stealing configuration files from WordPress sites.

Threat actors attempted to exploit well- known vulnerabilities in unpatched plugins to download configuration files from WordPress sites and steal database credentials.

“Between May 29 and May 31, 2020, the Wordfence Firewall blocked over 130 million attacks intended to harvest database credentials from 1.3 million sites by downloading their configuration files.” reads the post published by WordFence.

Read More on Security Affairs