Attack on ~ 1.5 Mn WordPress Sites
Check the themes and plugins in the list. If present. maybe disable!
The affected plugins and their versions are:
PublishPress Capabilities
Kiwi Social Plugin
Pinterest Automatic
WordPress Automatic
The targeted Epsilon Framework themes are:
Shapely
NewsMag
Activello
Illdy
Allegiant
Newspaper X
Pixova Lite
Brilliance
MedZone Lite
Regina Lite
Transcend
Affluent
Bonkers
Antreas
NatureMag Lite – No patch available
Among the top 10 attack machines have
Contabo and OVH ips
( I had read 1.9 Mn sites elsewhere, the bleeping computer link mentions 1.6 Mn. Updated the title)
Comments
Seems about right, my web servers are getting hit on those endpoints a lot more lately.
Get the best deal on your next VPS or Shared/Reseller hosting from RacknerdTracker.com - The original aff garden.
WP is the all-time most exploited platform
It's mostly (discontinued) plugins that are affected by this. WP Base Install is usually fairly solid. Add Login via VPN Whitelist and you are already good to go.
Ympker's VPN LTD Comparison, Uptime.is, Ympker's GitHub.