Between 29 of May 31 May 2020, Wordfence reported to blocked more than 130 million attacks. The attacks attempted to capture passwords in databases from more than 1.3 million domains through the installation configuration files.
The Hackers tried to download the file type wp-config.php containing credentials and connection information, in addition to unique keys and salts for authentication. The whole attack was connected to a further large-scale assault on thousands of vulnerable websites that started on 28 April and re-established on 11 May.
The attacker was trying, exploit plugins patched month and even years earlier and previously targeted in other attacks, to create security holes or redirect visitors to malicious pages. On 3 May alone, the attack took place.