An estimated one million WordPress websites have been compromised during a long-lasting campaign that exploits "all known and recently discovered theme and plugin vulnerabilities" to inject a Linux ...