A Look at the New WordPress Brute Force Amplification Attack
A new brute force attack method for WordPress instances has been identified by Sucuri, allowing attackers to try a large number of username and password login combinations in a single HTTP request. This latest technique is harder to detect since it doesn't necessarily flood the server with requests. The vulnerability can be exploited using XML-RPC, which uses XML encoding over HTTP to provide a remote procedure call protocol commonly used for APIs and automated tasks in WordPress instances. CloudFlare paid customers have the option to enable a Web Application Firewall ruleset to stop this new attack method.
Company
Cloudflare
Date published
Oct. 16, 2015
Author(s)
Pasha Kravtsov
Word count
838
Language
English
Hacker News points
None found.