Recently we began monitoring increasing number of WordPress xmlrpc attacks, where a large number of passwords is submitted for user “admin” via xmlrpc.php file. Our security system blocks such attempts for all Managed Hosting clients or cPanel with Account Shield protectio, so they do not even hit WordPress websites. However, WordPress websites running elsewhere may be vulnerable. Below we publish one of the lists of passwords submitted as XML POST request, make sure your “admin” user password is not one of those. The XML file submitted typically consists of around 1000 passwords, making usual brute force attack a more efficient […]
Continue reading