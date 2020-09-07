07 September 2020 13:15 IST

Wordfence web firewall recorded attacks against over one million sites, just on September 4. In total, the firm has blocked attacks against 1.7 million sites since September 1.

Millions of WordPress files have been attacked as hackers targeted a zero-day vulnerability in the WordPress File Manager plugin installed in over 7,00,000 WordPress websites.

It is estimated that 37.4% or 261,800 websites are still running vulnerable versions of the plugin.

“The true scale of these attacks is larger than what we were able to record,” Ram Gall, Threat Analyst at Defiant, the company behind the Wordfence web firewall said in a statement.

Wordfence protects over three million WordPress sites, all of which are being probed and attacked, he added.

After learning about the issue, the developer team released a patch for zero-day vulnerability. If a user finds that site’s functionality requires consistent usage of the File Manager plugin, they must update the version to 6.9, which patched the vulnerability.

The security company has also advised to uninstall the software completely if a user is not actively using the plugin.

“As a general rule, we recommend that you always have your firewall optimized. When zero day vulnerabilities like this are attacked, having an optimized firewall gives you a much better chance of preventing successful exploitation,” Gall said.