[wp-hackers] WP's XML-RPC functionality a security vulnerability?
patty at ayersvirtual.com
Tue Jul 22 13:53:11 UTC 2014
Thanks to all for the information on this, much appreciated.
On Tue, Jul 22, 2014 at 8:04 AM, David Anderson <david at wordshell.net> wrote:
> I've noticed a huge surge in trash traffic to /xmlrpc.php on my big sites.
>> In my case they are coming from different IP's every time which makes them
>> very hard to block (and indicating a DDOS or at least distributed
> Distributed brute-force login attacks appear to have switched to using
> XMLRPC in the last couple of weeks. I'm seeing them on many sites. It seems
> reasonable to assume that this is because some of the solutions that
> protect against distributed and/or brute-force attacks aren't covering
> I posted this and asked (the very good) BruteProtect about their plans the
> week before last, but haven't heard what they think about it yet (the link
> also has more info about the attacks):
> Best wishes,
> UpdraftPlus - best WordPress backups - http://updraftplus.com
> WordShell - WordPress fast from the CLI - http://wordshell.net
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
More information about the wp-hackers