FortiGuard Labs identified an ongoing, previously unseen CMS scanner and brute forcer, dubbed GoTrim, installed in infected WordPress sites on Linux systems. The botnet detects and evades anti-bot techniques used by web hosting providers and CDNs, such as Cloudflare and SiteGround. WordPress site owners are recommended to use stronger administrator account passwords and upgrade the base CMS software.