[wp-hackers] WP's XML-RPC functionality a security vulnerability?

David Anderson david at wordshell.net
Tue Jul 22 12:04:52 UTC 2014


> I've noticed a huge surge in trash traffic to /xmlrpc.php on my big sites.
> In my case they are coming from different IP's every time which makes them
> very hard to block (and indicating a DDOS or at least distributed intrusion
> attempt).

Distributed brute-force login attacks appear to have switched to using 
XMLRPC in the last couple of weeks. I'm seeing them on many sites. It 
seems reasonable to assume that this is because some of the solutions 
that protect against distributed and/or brute-force attacks aren't 
covering XMLRPC.

I posted this and asked (the very good) BruteProtect about their plans 
the week before last, but haven't heard what they think about it yet 
(the link also has more info about the attacks):

http://wordpress.org/support/topic/brute-forcing-via-xmlrpc

Best wishes,
David

-- 
UpdraftPlus - best WordPress backups - http://updraftplus.com
WordShell - WordPress fast from the CLI - http://wordshell.net




More information about the wp-hackers mailing list