Another wave of wordpress attacks


Content Contributer
Got some email notifications for login failures on some wordpress blogs I host.

103320 lockouts.
1180 IP are currently blocked from trying to log in.

What the heck?

Looks like they are using the xml-rpc interface (so password secured wp-admin does not help).

Clever trick because xml-rpc is activated by default in the latest wordpress version and there is no gui button to deactivate it (there is a plugin for that).


100% Tier-1 Gogent
Wordpress = SAD.

Popularity contest software nearly always ends in such mass horror.


100% Tier-1 Gogent
No doubt, you keep on things.   Plenty of updates, constant hacks against WP.  Plugins that are very questionable.  Plus everyone using it = inevitable mass issues.