The WordPress platform is used by millions of websites, but it is also vulnerable to hacking, security experts said on Tuesday.
WordPress is a popular open-source software used to host website content and manage online advertising.
It is used in the United States, Canada, and the European Union, as well as in some African countries.
WordPress’ security vulnerabilities have been widely publicized and blamed on a malicious hacker group known as the Lazarus group.
WordCampus Security Director Adam Mosseri said he believes there is a group of hackers that have access to WordPress and are using it to compromise sites.
“It’s quite easy to get into a WordPress server and get the password for your WordPress admin account and to take control of it,” Mosseri told CNBC.
“They’ve got a bunch of compromised WordPress accounts.
They’ve got access to a lot of files, and they’re able to take full control of a WordPress site.
So it’s really quite a common attack vector.”
WordPress was recently affected by a hack that stole more than 80 million user passwords, which allowed attackers to compromise more than 5 million of the site’s accounts.
“WordCampuses security team has seen over the last two weeks that this has been happening in the WordPress ecosystem,” said Mosseri.
“WordCamp is not only compromised, but other companies as well.”
WordCamp, which sells security products and services to other companies, said in a blog post that hackers had breached more than 70 WordPress sites in less than a week.
Wordcamp’s CEO said hackers had stolen the passwords of about 300 million WordPress users.
WordSecurity, a security company, has also been monitoring a significant number of WordPress sites for signs of a compromise.
“We have observed a significant amount of compromise and theft of passwords from the WordPress platform,” said Ryan Estep, CEO of WordSecurity.
“This is particularly concerning given the fact that the WordPress security team recently discovered a new type of attack on their network that is using WordPress as a proxy for a malware campaign targeting vulnerable websites.”
WordSecurity said hackers were able to change the way the WordPress network works and change the login credentials of its users, potentially allowing them to gain access to sites that otherwise would not be vulnerable to a malicious attack.
WordSiteSecurity, an organization of security experts that helps companies mitigate online attacks, said it had also seen a significant uptick in compromised WordPress sites.
WordSafeguards, a service that helps businesses and governments better protect their networks, said that it had detected the increase in compromised sites.
A spokesman for the WordPress Foundation, which oversees the platform, said the organization is working with WordCamp and WordSafes to address the issue.
“In light of the reports of a breach, the WordPress team has been working with our partners at WordCamp to help identify and fix the issues, and we are confident that we can take these issues and prevent further attacks,” said Matthew Sullivan.
“We are also monitoring WordCamp, WordSiteSecurity and WordSecurity’s blog for signs that the compromised sites are being used for other malicious activities.”