
A Look at the New WordPress Brute Force Amplification Attack

What's this blog post about?

Sucuri has identified a new brute force attack method against WordPress instances that lets attackers try a large number of username and password combinations in a single HTTP request. The technique is harder to detect because it doesn't necessarily flood the server with requests. It is carried out over XML-RPC, a remote procedure call protocol that uses XML encoding over HTTP and is commonly used for APIs and automated tasks in WordPress instances. Paying CloudFlare customers have the option to enable a Web Application Firewall ruleset that stops this new attack method.

Company
Cloudflare

Date published
Oct. 16, 2015

Author(s)
Pasha Kravtsov

Word count
838

Hacker News points
None found.

Language
English


By Matt Makai. 2021-2024.