In January 2017, a group of 5 Supervillains hacked 1.5 million WordPress pages in a 24 hours period. Completely fixing the vulnerability in WordPress REST API took the WordPress team the following 2 months. In the 6 months following this stunning attack, copycat hackers hacked an additional 2.5 million WordPress pages.
All of these attacks uploaded files to the server and manipulate database records. This is a full website security breach. The WordPress core team was understandably very quiet and diligent about fixing this…vulnerability. They softly called it an important update and security vulnerability.
WP v4.7.2 to 4.7.5 were all security fixes. Our security team calls it like it is, the largest widespread WordPress defacement hack in history. The majority of all worldwide WordPress websites are still vulnerable and open for malicious activity.
There are about 1 billion hackbot attempts per month on WordPress websites. This is a dramatic increase from even 1 year ago. Supervillains with hackbots and nests of malware, are poised and actively attacking every WordPress website. Are you secured and shielded?
Maybe you are lucky and the Supervillains don’t know about you yet, maybe you can use some WordPress SEO, and maybe your WordPress website is already hacked. Less than 1/10,000th of the hacked websites have been abused… yet.
The current threat level for WordPress websites is
Red: WordPress security risk is imminent.