WordPress XML-RPC

Protect Now against Brute Force Amplification Attacks Against WordPress XML-RPC

The latest reports reveal how hackers have upped their game using one of their oldest and most common attack methods, brute-forcing logins via XML-RPC. In short, these hackers can now apply brute force when trying to log in to a WordPress website. Traditionally a hacker would attempt to log in using 1 username and 1 password per request. With this vulnerability they can, for example, try 1 username and, say, 500 passwords in a single request. This amplification method can make the job of an attacker much easier.

How can you protect yourself from this XML-RPC brute force attack?

The short answer is: block access to xmlrpc.php. However, this could break functionality in some plugins, so check your site and make any changes necessary.
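If you cannot block xmlrpc.php outright because a plugin depends on it, the next best thing is to recognise the amplified request itself: a single system.multicall envelope carrying many credential-bearing calls. The following is an added example (not code from the original post or from WordPress) of such a check; the method list, the threshold and the sample bodies are assumptions or constructed values.

```python
"""Inspect a WordPress XML-RPC POST body for system.multicall amplification.
Added example, not code from the original post or from WordPress: a check a
WAF, reverse proxy or logging hook could run on bodies sent to xmlrpc.php.
Method list, threshold and sample bodies are assumptions/constructed."""
import xml.etree.ElementTree as ET

# WordPress XML-RPC methods that authenticate with a username/password pair.
AUTH_METHODS = {"wp.getUsersBlogs", "wp.getPosts", "wp.getUsers", "wp.getOptions"}


def inspect_xmlrpc(body: str, max_auth_calls: int = 1) -> dict:
    """Report which method(s) one request invokes and how many of them would
    each consume a login attempt: a plain call yields 0 or 1, system.multicall
    yields one per nested call, which is the amplification the post describes."""
    root = ET.fromstring(body)
    top = root.findtext("methodName", default="").strip()
    if top == "system.multicall":
        # Each nested call is a <struct> whose 'methodName' member names it.
        inner = [m.findtext("value/string", default="").strip()
                 for m in root.iter("member")
                 if m.findtext("name", default="").strip() == "methodName"]
    else:
        inner = [top]
    auth_calls = sum(1 for name in inner if name in AUTH_METHODS)
    return {"top_method": top, "inner_methods": inner,
            "auth_calls": auth_calls, "suspicious": auth_calls > max_auth_calls}


def _nested(method: str, *params: str) -> str:
    """Serialise one nested call for the constructed sample body below."""
    vals = "".join(f"<value><string>{p}</string></value>" for p in params)
    return ("<value><struct><member><name>methodName</name><value><string>"
            f"{method}</string></value></member><member><name>params</name>"
            f"<value><array><data>{vals}</data></array></value></member></struct></value>")


# Constructed sample bodies (not captured traffic): one ordinary call, and one
# multicall that packs several credential checks into a single HTTP request.
SINGLE_CALL = ("<methodCall><methodName>wp.getUsersBlogs</methodName><params>"
               "<param><value><string>editor</string></value></param>"
               "<param><value><string>pw-1</string></value></param></params></methodCall>")
MULTICALL = ("<methodCall><methodName>system.multicall</methodName><params><param>"
             "<value><array><data>" + _nested("wp.getUsersBlogs", "editor", "pw-1")
             + _nested("wp.getUsersBlogs", "editor", "pw-2")
             + _nested("wp.getUsersBlogs", "editor", "pw-3")
             + "</data></array></value></param></params></methodCall>")

if __name__ == "__main__":
    for label, body in (("single", SINGLE_CALL), ("multicall", MULTICALL)):
        print(label, inspect_xmlrpc(body))
```

A multicall made up only of harmless methods (for example demo.sayHello) is not flagged, so legitimate plugin batching keeps working while password-guessing batches stand out.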

Need help? Don’t have the time? WP Assist is standing by.

XML-RPC works by sending an HTTP request to a server implementing the protocol. The client in that case is typically software wanting to call a single method of a remote system. Multiple input parameters can be passed to the remote method, and one return value is returned. The parameter types allow nesting of parameters into maps and lists, so larger structures can be transported. Therefore, XML-RPC can be used to transport objects or structures both as input and as output parameters.

Identification of clients for authorization purposes can be achieved using popular HTTP security methods. Basic access authentication is used for identification, HTTPS is used when identification (via certificates) and encrypted messages are needed. Both methods can be combined.

Source: https://en.wikipedia.org/wiki/XML-RPC