Attackers are hijacking vulnerable home routers to launch attacks against WordPress sites. The attacks exploit two flaws in the TR-069 router management protocol to send malicious requests to port 7547. Experts have been advising home users to limit access to port 7547.
Internet service providers (ISPs) could take steps to help prevent these attacks by filtering traffic coming from the public Internet that is targeting port 7547.
Note: “We have seen a huge uptick in WordPress attack traffic in the last week, which is almost certainly due to this attack. However, telling “home users” to limit access to port 7547 is almost useless. If we expect to combat these types of flaws in the future, we need to issue advice that users can actually follow. I’m happy if a home user has enabled automatic updates. I doubt most know how to block port 7547.
Read more here: Home Routers Used to Hack WordPress Sites