[wp-hackers] WP’s XML-RPC functionality a security vulnerability?
Jeremy Clarke
jer at simianuprising.com
Mon Jul 21 16:42:19 UTC 2014
I've noticed a huge surge in trash traffic to /xmlrpc.php on my big sites.
In my case they are coming from different IP's every time which makes them
very hard to block (and indicating a DDOS or at least distributed intrusion
attempt).
Originally they were coming in with a specific user-agent so I could at
least block them from loading the page, but today it seems they've switched
to empty user agents, making the requests a lot harder to block.
AFAIK there's no fundamental flaw in WP that would make all these requests
a security hazard, but anything that hits the login functionality in WP
over and over is going to have a bad performance impact because of
transients or whatever else gets saved to the DB when someone tries to log
in (which is probably what the XMLRPC requests are actually doing).
--
Jeremy Clarke
Code and Design • globalvoicesonline.org
More information about the wp-hackers
mailing list