Webnerd - Website Security

In this topic we address various aspects of website security.  We attempt to write about the most recent threats that all site owners should be aware of.

WordPress XML-RPC vulnerability

WordPress is a content management system (CMS) that is extremely popular. Along with the many positives popularity offers come the negatives.

In Hollywood these negatives are known as paparazzi – in Nerdville they are known as hackers. These hackers continuously attempt to exploit possible weaknesses offered by CMS packages.

WordPress offers a remote access point known as xmlrpc for things like mobile apps and remote updates. This opens up many opportunities for useful applications and allows developers to get more creative.

For hackers this acts as a potential access point. Because of its efficiency, they are able to submit hundreds of password attempts within only a few HTTP requests.

How to recognise an attack:

Usually your host will inform you of the attack. However, levels of concern vary from host to host, so if you suspect you are under attack you should check for the following symptoms:

  • “Error establishing database connection” randomly appears on your WordPress site.
  • “Out of memory” errors will appear in your error logs.
  • Missing files and folder type errors “Cannot open the file no such file/directory”.
  • “POST /xmlrpc.php HTTP/1.0” error.
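
A check for the last symptom in the list, as an added example that is not part of the original article: it counts POST requests to xmlrpc.php per client in an access log and how many of them were answered with 403, which is the response produced by the deny rules shown later on this page. The "combined" log format, the threshold value and the sample lines are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample lines in "combined" access-log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2015:13:55:01 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "-"
203.0.113.7 - - [10/Oct/2015:13:55:01 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "-"
203.0.113.7 - - [10/Oct/2015:13:55:02 +0000] "POST /blog/xmlrpc.php HTTP/1.0" 403 162 "-" "-"
198.51.100.20 - - [10/Oct/2015:13:55:03 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Oct/2015:13:55:04 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Oct/2015:13:55:05 +0000] "POST /xmlrpc.php?x=1 HTTP/1.1" 200 370 "-" "-"
this line is not a log entry
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

def xmlrpc_posts(lines):
    """Return {client_ip: {"posts": n, "blocked": n}} for POSTs to xmlrpc.php."""
    stats = defaultdict(lambda: {"posts": 0, "blocked": 0})
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue                          # unparsable line or not a POST
        path = m["target"].split("?", 1)[0]   # ignore any query string
        if not path.endswith("/xmlrpc.php"):  # also matches sub-directory installs
            continue
        entry = stats[m["ip"]]
        entry["posts"] += 1
        if m["status"] == "403":              # request was refused by a deny rule
            entry["blocked"] += 1
    return dict(stats)

def suspects(stats, threshold=3):
    """Clients with at least `threshold` POSTs (threshold is an assumed value)."""
    return sorted(ip for ip, s in stats.items() if s["posts"] >= threshold)

if __name__ == "__main__":
    stats = xmlrpc_posts(SAMPLE_LOG.splitlines())
    for ip in suspects(stats):
        print(ip, stats[ip])
```

Once one of the blocks below is in place, the "blocked" count for new requests should equal the "posts" count.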

How to neutralise the attack:

If you are a server administrator and you have no sites on your server that will be negatively impacted by this, then you may want to consider blocking all communication to the file xmlrpc.php.

You can do this by adding the following code to your web server's document root.

Apache

    <VirtualHost>
        …
        <Files xmlrpc.php>
            order allow,deny
            deny from all
        </Files>
    </VirtualHost>

NGINX

    server {
        …
        location /xmlrpc.php {
            deny all;
        }
    }

If you have a WordPress site and are not using the service, then you can add this to your .htaccess file.

    # Block WordPress xmlrpc.php requests
    <Files xmlrpc.php>
        order deny,allow
        deny from all
    </Files>
    # END protect xmlrpc.php

If you are using remote access, then you should consider using a plugin such as Jetpack or any other suitable security module.

Please feel free to contact a Webnerdian to help out.

Written by: Lance Davey


Published: 255 days ago