WordPress Security Plugin Wordfence Blocked Over 4.6 Million Attacks in a Month: Report

A zero-day vulnerability was actively exploited and the team became aware of it last week.

Advertisement
Written by Sourabh Kulesh, Edited by Richa Sharma | Updated: 15 September 2022 19:03 IST
Highlights
  • About 2,80,000 sites run the WPGateway plugin
  • Incident Response services are being offered through Wordfence Care
  • Its 9.8 CVSS score suggests high vulnerability

Wordfence is a full-featured WordPress security plugin

Photo Credit: Wordfence

Wordfence, one of the most full-featured WordPress security plugins available now, announced earlier this week that it has blocked over 4.6 million cyberattacks, which were targeting a zero-day vulnerability, in the past 30 days. The attacks were being carried out against more than 2,80,000 sites running the WPGateway plugin, which allows its users to setup and manage WordPress sites from a single dashboard. The company is offering Incident Response services via Wordfence Care to those who believe they have been compromised.

Wordfence posted in a blog that on September 8, the Wordfence Threat Intelligence team became aware of an actively exploited zero-day vulnerability that was being used to attack sites running the WPGateway plugin. It released a firewall rule to Wordfence Premium, Wordfence Care, and Wordfence Response customers to block the exploit on the same day. It also said that the same protection for sites that are running the free version of Wordfence will be released on October 8.

Advertisement

“The Wordfence firewall has successfully blocked over 4.6 million attacks targeting this vulnerability against more than 280,000 sites in the past 30 days,” it added. The zero-day vulnerability found in a “part of the plugin functionality” was reportedly facilitating the addition of a malicious administrator user to sites running the WPGateway plugin, which is tied to the WPGateway cloud service, and offers its users a way to setup and manage WordPress sites from a single dashboard.

It is to be noted that the vulnerability identifier CVE-2022-3180 for this issue was reserved and the CVSS Score (yardstick to assign severity scores to vulnerabilities) was 9.8, suggesting a high vulnerability. Wordfence says that although they are releasing this public service announcement, there are some nitty-gritties that are being withheld in order to prevent further exploitation as “this is an actively exploited zero-day vulnerability, and attackers are already aware of the mechanism required to exploit it.”

Advertisement

How to know if you are compromised

Those who are using the Wordfence plugin can easily determine whether their site has been compromised using this vulnerability or not. If they find a malicious administrator with the username of rangex, and/ or find requests to //wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1 in site's access logs, then it is a surety that they've been attacked. However, it does not mean that the site is fully compromised.

Buying an affordable 5G smartphone today usually means you will end up paying a "5G tax". What does that mean for those looking to get access to 5G networks as soon as they launch? Find out on this week's episode. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.
Affiliate links may be automatically generated - see our ethics statement for details.
 
Post your comments

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Further reading: WordPress, Wordfence, Cybersecurity
OnePlus 10T OxygenOS 13 Closed Beta Test (CBT) Programme Begins in India
Advertisement
Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. CMF Watch 3 Pro India Launch Finally Confirmed, Here's What to Expect
  2. These Four Xiaomi Phones Are Now Eligible to Get Android 17 Beta Updates
  3. OnePlus Pad 4 Launched in India With Flagship Chip and These Features
  4. Moto G87 Launched With 200-Megapixel Main Camera, 5,200mAh Battery
  5. The iQOO Neo 10 Is Now Available in These New Colour Variants in India
  6. House of the Dragon Season 3 OTT Release Date: When and Where to Watch it Online?
  7. Raakaasa OTT Release Date Confirmed: Know When and Where to Watch it Online
  8. OpenAI Confirms GPT-5.5 Cyber Model's Rollout Is Around the Corner
  9. Moto G37 Power, Moto G37 Launched With Dimensity 6300 Chip: See Price
  10. Sony Issues Statement on New DRM Check for PS5, PS4 Games After Backlash
#Latest Stories
  1. Nine Crypto Scam Centres Targeting US Users Shut Down in Joint Operation Involving UAE, US and China
  2. Google Photos Unveils New AI-Powered Wardrobe Feature to Help You Decide What to Wear
  3. OpenAI CEO Sam Altman Teases GPT-5.5 Cyber AI Model Rollout, Could Take On Anthropic’s Claude Mythos
  4. Vivo X Fold 6 Leaks Hint at 200-Megapixel Camera, MediaTek Dimensity 9500 Chip and 7,000mAh Battery
  5. Raakaasa OTT Release Date Confirmed: Know When and Where to Watch it Online
  6. Moto G47 Launched With 108-Megapixel Camera, 5,200mAh Battery: Price, Specifications
  7. Sony Issues Statement on New DRM Check for PS5, PS4 Games After Backlash
  8. House of the Dragon Season 3 OTT Release Date: When and Where to Watch it Online?
  9. Moto G37 Power Launched With 7,000mAh Battery Alongside Moto G37: Price, Specifications
  10. Motorola Razr Ultra 2026, Razr+ 2026 Launched With 4-Inch Cover Display, Razr 2026 Tags Along: Price, Features
Gadgets 360 is available in
Follow Us
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.