There is a large hope in the security for PHP going around being used in the wild against WordPress setups. The first two things you should do, if you host your own WordPress server is upgrade the WP core to 5.0.3 and update PHP at once. Obviously backup the website(s) and the site databases and mirror the machine in the unlikely event this goes south for you.
The best thing to do is pay for and install wordfence; the firewall for WordPress.
If you do not on your own machines these websites are run on, email the upstream and tell them to upgrade WP to 5.0.3 and to upgrade PHP.
Since updating everything including wordfence I have noticed an enormous uptick in abusive behavior from the same IP addresses so trying the same thing in phone. After adding these IPs to wordfence I can relax now.
Good luck to you all.