Recently, a new brute force attack method for WordPress instances was identified by Sucuri. This latest technique allows attackers to try a large number of WordPress username and password login combinations in a single HTTP request. The vulnerability can easily Continue reading A Look at the New WordPress Brute Force Amplification Attack
Proxying around 5% of the Internet’s requests gives us an interesting vantage point from which to observe malicious behavior. However, it also makes us a target. Aside from the many and varied denial of service (DDoS) attacks that break against Continue reading Of Phishing Attacks and WordPress 0days
At CloudFlare a lot of our customers use WordPress, that's why we have our own plugin, we hang out at WordCamp and we wrote a WordPress specific ruleset for our Web Application Firewall. WordPress' ubiquity on the web can make Continue reading WordPress Pingback Attacks and our WAF
There is currently a significant attack being launched at a large number of WordPress blogs across the Internet. The attacker is brute force attacking the WordPress administrative portals, using the username “admin” and trying thousands of passwords. It appears a Continue reading Patching the Internet in Realtime: Fixing the Current WordPress Brute Force Attack