Adversaries are injecting malicious JavaScript into numerous WordPress websites that triggers phony bot-related checks.