Some of Our Sources
- Engadget
- Web Designer Wall
- Just Creative
- Pearsonified
- Smashing Magazine
- Web Design Ledger
- 24 Ways
- Wal You
- Android Headlines
- Willems Lab
Help Webnuz
Referal links:
October 11, 2015 04:00 pm
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/TS-LWLTJibE/wordpress-brute-force-attacks-using-multiple-passwords-per-login-via-xml-rpc
Wordpress Brute Force Attacks Using Multiple Passwords Per Login Via XML-RPC
An anonymous reader writes: Online security firm Sicuri note a vertical rise in brute force attacks against WordPress websites using Brute Force Amplification, where a thousand passwords can be submitted within the scope of a single login attempt. The company notes that disabling the protocol is likely to interfere with the functionality of many plugins which rely on it. The Stack reports: "Sicuri note that most of the BFA calls are targeting the WordPress category enumerating hook wp.getCategories, and are targeting the ‘admin’ username, along with predictable default usernames. Sicuri recommend blocking system.multicall requests via a Web Access Firewall if available, but note that so many WordPress plugins depend on the point of vulnerability xmlrpc.php that blocking access to that functionality may interfere with normal operation of the site. The iThemes security system offers functionality to specifically disable XML-RPC as well, but this also requires a check against normal functioning of the site."at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/TS-LWLTJibE/wordpress-brute-force-attacks-using-multiple-passwords-per-login-via-xml-rpc
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot