Brute Force attacks are one of the oldest and most common types of attacks that we still see on the Internet today. These attacks are often not very complex and are theoretically easy to stop and mitigate, but they still happen and are successful; mostly, because people are very bad at choosing good passwords, or employing good access control habits.
XML-RPC: CMS with XML_RPC are commonly attacked by BFA in attempt guess admin password and login to your WordPress, Drupal website.
XML-RPC is a simple, portable way to make remote procedure calls over HTTP. It can be used with Perl, Java, Python, C, C++, PHP and many other programming languages. WordPress, Drupal and most content management systems support XML-RPC.XML-RPC is a simple, portable way to make remote procedure calls over HTTP. It can be used with Perl, Java, Python, C, C++, PHP and many other programming languages. WordPress, Drupal and most content management systems support XML-RPC.
We recommend that you disable all xmlrpc.php requests from the .htaccess file before the request is even passed onto WordPress or Drupal. Simply paste the following code in your .htaccess file
# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
# allow access from my IP
allow from 123.123.123.123
</Files>
This method is the simplest way to prevent attack but may disable certain remote features of CMS. You can explore other more complex methods of achieving the same if required.
WP-LOGIN: There have now been several large scale WordPress wp-login.php brute force attacks, coming from a large amount of compromised IP addresses spread across the world. A large botnet of around 90,000 compromised servers has been attempting to break into WordPress websites by continually trying to guess the username and password to get into the WordPress admin dashboard.
We recommend that you secure wp-login.php requests from the .htaccess file before the request is even passed onto WordPress. Simply paste the following code in your .htaccess file
# Block WordPress xmlrpc.php requests
<Files wp-login.php>
order deny,allow
deny from all
# allow access from my IP
allow from 123.123.123.123
</Files>
The above are preliminary steps to secure your CMS. We recommend reading the links below for additional steps to secure your WordPress installation.
Recommended reading
- http://codex.wordpress.org/Hardening_WordPress
- https://www.wordfence.com/blog/2015/12/announcing-the-wordpress-security-learning-center-free-for-the-community/
- https://premium.wpmudev.org/blog/keeping-wordpress-secure-the-ultimate-guide/
- https://codex.wordpress.org/FAQ_My_site_was_hacked
