It appears that attacks on WordPress sites using a vulnerability in the REST API have risen in intensity the past few days.
Attackers have reportedly defaced over 39,000 domains (1.5 million pages) according to a report from BleepingComputer:
"Initial attacks using the WordPress REST API flaw were reported on Monday by web security firm Sucuri, who said four groups of attackers defaced over 67,000 pages. The number grew to over 100,000 pages the next day, but according to a report from fellow web security firm WordFence, these numbers have skyrocketed today to over 1.5 million pages, as there are now 20 hacking groups involved in a defacement turf war."
If you're not running the latest edition of WordPress, or have outdated plugins that need updating, now would be a great time to do that.