Wordfence, the security plugin for WordPress sites, reported in its blog this week that its Threat Intelligence Team observed a single malware campaign target more than 900,000 WordPress sites over the past month, with over half of the attacks occurring on May 3. The researchers clocked over 24,000 distinct IP addresses launching the mammoth attack, which takes advantage of previously known vulnerabilities. While fixes have already been developed for the flaws – some from years ago – the attackers are banking on the notion that many WordPress site owners have still not updated.