Most WordPress websites have been holding relatively low value. Most are marketing landing pages and blogs. So the biggest gain for hackers have been the access to server resources to host phishing pages, redirect traffic, inject SEO spam and to build botnets (used to orchestrate DDOS attacks etc).
Now, WordPress 7.0 was just launched where you can connect Anthropic, OpenAI and Google Gemini models to automate pretty much anything on the website. Powerful, but also puts a massive target on its back. The ROI of hacking a random WordPress site just skyrocketed.
We’ll see how this plays out. But if this gets popular and people will start connecting their AI API keys to the sites then the amount of attacks we see against WordPress sites will grow exponentially. There will be new attack vectors invented, more supply chain attacks and significantly more vulnerabilities found in plugins.
Now, WordPress 7.0 was just launched where you can connect Anthropic, OpenAI and Google Gemini models to automate pretty much anything on the website. Powerful, but also puts a massive target on its back. The ROI of hacking a random WordPress site just skyrocketed.
We’ll see how this plays out. But if this gets popular and people will start connecting their AI API keys to the sites then the amount of attacks we see against WordPress sites will grow exponentially. There will be new attack vectors invented, more supply chain attacks and significantly more vulnerabilities found in plugins.