On the Wire (blog)
Attackers are scanning for new WordPress installations that haven’t been configured yet and compromising them and then using that access to take over entire sites. The attacks have been going on since May and researchers have seen many IP addresses