Website Security News
We regularly talk about brute force attacks on WordPress sites and explain why WordPress credentials should always be unique, complex, and hard to guess. However, the WordPress login is not the only point of entry that hackers use to break into sites. Since the WordPress…
Read More about WordPress Database Brute Force and Backdoors
We discovered a xmlrpc.php brute-force tool in a malicious PHP script that appears to have been uploaded months ago after a vulnerable GDPR plugin exploit: $data = $_POST[‘data’]; $parameter =…
Ask Sucuri: My site is under a brute force attack. What can I do? How can we solve this password guessing problem known as brute forcing? This is a common…
Read More about Ask Sucuri: How to Stop Brute Force Attacks?
A few weeks ago we ran an experiment to see how long it would take for some IPv4-only and IPv6-only servers to be compromised via SSH brute force attacks. We…
Just a quick reminder: Don’t use common words and easy character combinations as passwords. Your compromised site can be used to hack third-party sites. A real world confirmation of the…
Brute force attacks are one of the oldest and most common types of attacks that we still see on the Internet today. If you have a server online, it’s most…
Read More about Brute Force Amplification Attacks Against WordPress XMLRPC
One of the first server-level compromises I had to deal with in my life was around 15 years ago, and it was caused by an SSH brute force attack. A…
Read More about WordPress Brute Force Attacks – 2015 Threat Landscape
Brute force attacks against WordPress have always been very common. In fact, Brute Force attacks against any CMS these days is a common occurrence, what is always interesting however are…
Read More about New Brute Force Attacks Exploiting XMLRPC in WordPress
Many are likely getting emails with the following subject header: Large Distributed Brute Force WordPress Attack Underway – 40,000 Attacks Per Minute. Just this week we put out a post…
Update: Brute force protection now available: http://cloudproxy.sucuri.net/brute-force-protection A few months ago, we discussed and published details about a very large brute force attack targeting WordPress sites. The attackers (bad guys)…
Read More about Big Increase in Distributed Brute Force Attacks Against Joomla Websites
Update: Brute force protection now available: http://cloudproxy.sucuri.net/brute-force-protection Over the past few months there has been a lot of discussion about WordPress Brute Force attacks. With that discussion has come a…
