{"id":141738,"date":"2015-10-12T09:38:17","date_gmt":"2015-10-12T07:38:17","guid":{"rendered":"http:\/\/mybroadband.co.za\/news\/?p=141738"},"modified":"2015-10-12T09:39:07","modified_gmt":"2015-10-12T07:39:07","slug":"wordpress-brute-force-amplification-attack-warning","status":"publish","type":"post","link":"https:\/\/mybroadband.co.za\/news\/security\/141738-wordpress-brute-force-amplification-attack-warning.html","title":{"rendered":"WordPress brute force amplification attack warning"},"content":{"rendered":"<p>Daniel Cid, CTO of Sucuri, <strong><a href=\"https:\/\/blog.sucuri.net\/2015\/10\/brute-force-amplification-attacks-against-wordpress-xmlrpc.html\" target=\"_blank\">has warned WordPress users<\/a><\/strong> about brute force password attacks that use Brute Force Amplification against WordPress websites.<\/p>\n<p>Brute force attacks are nothing new, and they have become easy to guard against. With Brute Force Amplification, however, the risk is higher.<\/p>\n<p>\u201cWhat if the attacker could try 500 passwords in one shot?\u201d asked Cid, adding that Brute Force Amplification attacks are similar to DDoS amplification attacks.<\/p>\n<p>This is exactly what is happening on many WordPress sites, where attackers abuse WordPress\u2019s XML-RPC interface.<\/p>\n<p>Below is an illustration of the attacks Sucuri has seen targeting the XML-RPC system.multicall method, which it attributes to these brute force attempts.<\/p>\n<p>\u201cRemember, each request can signify an attack of hundreds, if not thousands of username\/password brute force attempts,\u201d said Cid.<\/p>\n<div id=\"attachment_141740\" style=\"width: 640px\" class=\"wp-caption aligncenter\"><a data-lightbox=\"post-image\" href=\"http:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2015\/10\/Sucuri-BruteForce-Amplification-Attacks-WordPress-XMLRPC-2015.jpg\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-141740\" class=\"wp-image-141740\" src=\"http:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2015\/10\/Sucuri-BruteForce-Amplification-Attacks-WordPress-XMLRPC-2015.jpg\" alt=\"Sucuri BruteForce Amplification-Attacks WordPress XMLRPC 2015\" width=\"630\" height=\"353\" srcset=\"https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2015\/10\/Sucuri-BruteForce-Amplification-Attacks-WordPress-XMLRPC-2015.jpg 1004w, https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2015\/10\/Sucuri-BruteForce-Amplification-Attacks-WordPress-XMLRPC-2015-640x358.jpg 640w\" sizes=\"(max-width: 630px) 100vw, 630px\" \/><\/a><p id=\"caption-attachment-141740\" class=\"wp-caption-text\">Sucuri BruteForce Amplification-Attacks WordPress XML-RPC 2015<\/p><\/div>\n<h3 class=\"my-4\">Protecting against brute force password attacks<\/h3>\n<p>Cid said he used to recommend blocking access to xmlrpc.php, but that broke some plugins&#8217; functionality (mostly JetPack).<\/p>\n<p>\u201cWith that in mind, if you are not using JetPack or any of the other plugins that require XML-RPC, it might be a good idea to block direct access to it.&#8221;<\/p>\n<p>If you cannot block XML-RPC entirely, he recommends blocking system.multicall requests, as this will help protect against these amplification attacks.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Security firm Sucuri is warning users about brute force password attacks on WordPress websites.<\/p>\n","protected":false},"author":23,"featured_media":141744,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[36,33366,33364,32820,9647],"class_list":["post-141738","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-active","tag-brute-force-amplification","tag-daniel-cid","tag-sucuri","tag-wordpress"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/141738"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/23"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=141738"}],"version-history":[{"count":2,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/141738\/revisions"}],"predecessor-version":[{"id":141748,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/141738\/revisions\/141748"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/141744"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=141738"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=141738"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=141738"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}