Signature Detail

Short Name	HTTP:PHP:WP-XMLRPC-BRUTE
Severity	High
Recommended	Yes
Recommended Action	Drop
Category	HTTP
Keywords	WordPress XMLRPC wp.getUsersBlogs wp.getComments bruteforce login
Release Date	2014/07/30
Update Number	2404
Supported Platforms	idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: WordPress XMLRPC Brute Force Login Attempt

This signature detects repeated attempts to login to a WordPress website using XMLRPC. This may be an indication of a brute-force attack to gain access to the site, or possibly an automated blog posting system with bad credentials. If the source IP address is known to you, you may need to check its configuration, otherwise, this is possibly a malicious event.

References

URL: http://blog.sucuri.net/2014/07/new-brute-force-attacks-exploiting-xmlrpc-in-wordpress.html

Signature Detail

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: WordPress XMLRPC Brute Force Login Attempt

References