Ongoing hacking attacks on WordPress

This just in via WordFence email:  Wordfence <>

AJAX call creates a user named wpservices with the email and the password w0rdpr3ss. With this user in place, the attacker is free to install further backdoors or perform other malicious activity.

Block these IPs in cPanel / IP Blocker: – Hosts the script responsible for rogue administrator creation. Also associated with other malvertising scripts in earlier incarnations of this campaign. – Hosts ad network scripts for redirection and popups.

IP Addresses

Details please review their article at

Comments are closed