Security researchers at Wordfence are reporting that thousands of hacked home routers are attacking WordPress sites. Wordfence firewall and malware scanner products are in use on more than 2 million WordPress sites and the company estimates that 6.7% of all attacks on these sites are coming from hacked home routers.
“In the past month alone we have seen over 57,000 unique home routers being used to attack WordPress sites,” Wordfence CEO Mark Maunder said. “Those home networks are now being explored by hackers who have full access to them via the hacked home router. They can access workstations, mobile devices, wifi cameras, wifi climate control and any other devices that use the home WiFi network.”
Maunder said his team has mostly seen brute force attacks targeting both wp-login.php (the traditional login endpoint for WordPress) and also XMLRPC login. They have also seen a small percentage of complex attacks. Wordfence has detected a total of 67 million individual attacks from the routers the company identified in March.
While Wordfence researchers were creating their monthly attack report, they noticed that Algeria had jumped in rankings from position 60 to 24 in thier “Top Attacking Countries” list. Their review of attack data in Algeria revealed a ‘long tail’ of more than 10,000 attacking IPs originating from an Algerian state owned ISP.
Read full article here: https://wptavern.com/hacked-home-routers-are-launching-brute-force-attacks-on-wordpress-sites