In a March 14, 2014 blog post, Brian Krebs revealed that his site, KrebsOnSecurity, which runs on WordPress, was hit by a DDoS attack:
On Wednesday, KrebsOnSecurity was hit with a fairly large attack which leveraged a feature in more than 42,000 blogs running the popular WordPress content management system (this blog runs on WordPress). This post is an effort to spread the word to other WordPress users to ensure their blogs aren’t used in attacks going forward.
I covered the details of the attack method in my last post, but I also want to help spread the word to other WordPress administrators via the list of attacking sites that Mr. Krebs provided:
My hosting provider shared with me a list of the WordPress blogs that were used in the attack on this blog. I’m sharing it here to get the attention of WordPress administrators. I realize that some readers will view this as providing a roadmap for attacks, but I’m hopeful that making this information public will decrease the number of blogs that can be used in future such attacks.