Tag Archives for " Jetpack "

How to: Protect WordPress from brute-force XML-RPC attacks

2 June 2017
/ WordPress
/ By Jan Reilink
/ 2 COMMENTS
/

The WordPress XML-RPC API has been under attack for many years now. Back in August 2014, WordPress released version 3.9.2, fixing a possible denial of service issue in PHP’s XML processing. There are brute-force amplification attacks, reported by Sucuri, and so on. So, how do you protect WordPress from xmlrpc.php attacks, but still being able to use (some of) its functionality like Jetpack? This post gives you some insight.

Remove Jetpack email sharing service

19 May 2017
/ WordPress
/ By Jan Reilink
/ 1 COMMENT
/

Recently the WordPress Jetpack email sharing service is often abused by spammers. They use the Send to Email Address for sending spam. All these kind of “Tell a Friend” scripts are abused a lot. Here is how to disable email share service in WordPress Jetpack.

WordPress 3.9.2 Security Release fixes XML-RPC DoS

6 August 2014
/ Security
/ By Jan Reilink
/

WordPress 3.9.2 is now available as a security release for all previous versions. We strongly encourage you to update your sites immediately. This release fixes a possible denial of service issue in PHP’s XML processing, reported by Nir Goldshlager of the Salesforce.com Product Security Team. It was fixed by Michael Adams and Andrew Nacin of the WordPress security team and David Rothstein of the Drupal security team. This is the first time our two projects have coordinated on joint security releases.

Huge increase in WordPress xmlrpc.php POST requests

7 July 2014
/ WordPress
/ By Jan Reilink
/ 9 COMMENTS
/

WordPress xmlprc.php DDoS and brute-force attacks. How to identify, block, mitigate and leverage these xmlrpc.php scans, brute-force, and user enumeration attacks on WordPress sites… Secure WordPress xmlprc.php interface and reduce service disruption.