WordPress sites are being targeted by a botnet made up of more than 20,000 previously compromised WordPress sites. When a new site is infected, it immediately becomes part of the botnet and helps it brute-force logins on uncompromised sites. Five million authentication requests have already been blocked, and that number will continue to grow. This is a large-scale attack in which the previously hacked sites carry out dictionary attacks on sites that have not yet been infected. Using this technique, the bots can keep trying different usernames and passwords until the correct combination is found and the bot breaks into a WordPress site. Fourteen thousand proxy servers are used to relay information and to list the targets for the bots to attack. Four C&C servers deliver the commands to the bots, and the proxy servers belong to a host in Russia.
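Because the login attempts described above are spread across thousands of compromised sites and proxies, each source address may fail only a few times, so a per-IP lockout alone sees little. The following is an added example, not code from the original article: it counts failed logins per time window across all sources. The access-log format, the status-code convention, the thresholds and all function names are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

LINE_RE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
WINDOW = 300  # seconds per counting window (assumed value)

def failed_logins(lines):
    """Yield (timestamp, ip) for each failed wp-login.php attempt.
    Assumption: a failed login re-renders the form (HTTP 200) and a
    successful one redirects (HTTP 302)."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, ts, method, path, status = m.groups()
        if method == "POST" and path.split("?")[0].endswith("/wp-login.php") and status == "200":
            yield datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), ip

def per_ip_lockouts(lines, threshold=5):
    """Classic control: sources with at least `threshold` failures."""
    counts = Counter(ip for _, ip in failed_logins(lines))
    return {ip for ip, n in counts.items() if n >= threshold}

def detect_distributed(lines, min_failures=20, max_per_ip=3):
    """Flag windows where many failures come from sources that each stay
    under the per-IP limit. Returns (window_start, failures, sources)."""
    windows = defaultdict(Counter)
    for ts, ip in failed_logins(lines):
        windows[int(ts.timestamp()) // WINDOW][ip] += 1
    alerts = []
    for bucket, counts in sorted(windows.items()):
        quiet = [n for n in counts.values() if n <= max_per_ip]
        if sum(quiet) >= min_failures:
            start = datetime.fromtimestamp(bucket * WINDOW, tz=timezone.utc)
            alerts.append((start, sum(quiet), len(quiet)))
    return alerts

def sample_log():
    """Constructed log: 40 sources fail once each; one real user fails once, then logs in."""
    t0 = datetime(2024, 1, 1, 10, 0, tzinfo=timezone.utc)
    fmt = '{} - - [{}] "POST /wp-login.php HTTP/1.1" {} 3120'
    stamp = lambda s: (t0 + timedelta(seconds=s)).strftime("%d/%b/%Y:%H:%M:%S %z")
    lines = [fmt.format(f"203.0.113.{i + 1}", stamp(i * 5), 200) for i in range(40)]
    lines.append(fmt.format("198.51.100.20", stamp(60), 200))
    lines.append(fmt.format("198.51.100.20", stamp(70), 302))
    return lines

if __name__ == "__main__":
    print("per-IP lockouts:", per_ip_lockouts(sample_log()))
    for start, failures, sources in detect_distributed(sample_log()):
        print(f"{start:%H:%M} window: {failures} failed logins from {sources} sources")
```

On the constructed sample the per-IP lockout flags no address, while the aggregate count flags the single five-minute window.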