WordPress installations sporting known vulnerabilities continue to be compromised by hackers. A single 26-second DDoS attack against a site run by a hacker was launched from 569 different WordPress blogs. Many WordPress blogs are easy to provision and host, but that ease of installation — and use — means that such software is often run outside the purview of IT provisioning and oversight. In August, an Arbor Security Engineering & Response Team (ASERT) research analyst noted that the Fort Disco malware was being used to target known vulnerabilities in content management systems.”]
Source: https://www.darkreading.com/attacks-breaches/wordpress-site-hacks-continue