TLDR:
- A password-cracking botnet has taken over WordPress sites to launch attacks using visitors’ browsers.
- Researcher Denis Sinegubko noted 41,800 password attempts per site with this method.

The article discusses how a password-cracking botnet has shifted from crypto wallet drainers to attempting brute-force attacks on WordPress sites. The attackers use visitors’ browsers to launch massive password-cracking attempts, with one compromised site estimated to be trying over 41,800 passwords. Recommendations for end users include securing passwords and using tools like NoScript to prevent such exploits. For WordPress admins, it is advised to ensure strong passwords and firewall the admin page and “xmlrpc.php” file to protect their sites.
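
Because the guesses are sent from visitors' browsers, a targeted site sees them arrive from many unrelated client IPs, each making only a few requests, which per-IP rate limits tend to miss. The following is an added example (not from the article or from Sinegubko's research) that flags this pattern in a web access log; the combined log format, the thresholds, the function names and the sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: Apache/nginx "combined" access log format.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" \d{3}'
)
AUTH_PATHS = ("/xmlrpc.php", "/wp-login.php")  # endpoints that accept credentials

def find_distributed_bruteforce(lines, window=timedelta(minutes=10),
                                min_ips=20, max_per_ip=5):
    """Flag windows where many IPs each send only a few auth POSTs (thresholds are assumed)."""
    buckets = defaultdict(lambda: defaultdict(int))  # (path, window start) -> ip -> POSTs
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        path = m["path"].split("?", 1)[0]
        if path not in AUTH_PATHS:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        start = ts - timedelta(seconds=ts.timestamp() % window.total_seconds())
        buckets[(path, start)][m["ip"]] += 1
    alerts = []
    for path, start in sorted(buckets):
        per_ip = buckets[(path, start)]
        # IPs that stay under a typical per-IP limit are the ones of interest here.
        quiet = [ip for ip, n in per_ip.items() if n <= max_per_ip]
        if len(quiet) >= min_ips:
            alerts.append({"path": path, "window_start": start,
                           "posts": sum(per_ip.values()), "distinct_ips": len(per_ip)})
    return alerts

def constructed_sample():
    """Constructed log lines using documentation IP ranges, not real traffic."""
    fmt = '{ip} - - [12/Mar/2024:10:{mm:02d}:{ss:02d} +0000] "{req} HTTP/1.1" {st} 512 "-" "Mozilla/5.0"'
    lines = [fmt.format(ip=f"198.51.100.{i + 1}", mm=1 + k, ss=i,
                        req="POST /xmlrpc.php", st=200)
             for i in range(30) for k in range(2)]  # 30 IPs, 2 POSTs each
    lines.append(fmt.format(ip="203.0.113.7", mm=3, ss=0, req="POST /wp-login.php", st=302))
    lines.append(fmt.format(ip="203.0.113.8", mm=4, ss=0, req="GET /", st=200))
    return lines

if __name__ == "__main__":
    for alert in find_distributed_bruteforce(constructed_sample()):
        print(alert)
```

A window flagged this way is a reason to apply the firewall recommendation above to the listed path rather than to rely on blocking individual addresses.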