standard How Over 160,000 WordPress sites got hacked

If you have been running your own wordpress for any period of time then you know how easily they can get hacked.

The truth is WordPress is getting a lot better about this.  Especially since they now do automatic updates.

Here is a good article about how some hackers took over 162,000 wordpress blogs.

they used a technology called XML-RPC which I use A LOT for my Whizpress software.

They takeaway from all this to keep your WordPress blog updated.  Also remove as many plug-ins as possible.  Plug-ins are an easy way for Hackers to discover holes in WordPress.  then you are toast!

Here is the article:


Security researchers from Securi have recently uncovered attackers who they say have harnessed over 162,000 WordPress-powered websites to conduct distributed denial-of-service, or DDoS, against their targets. The technique makes use of XML-RPC, a protocol used by a range of WordPress and other blogging software to provide pingback, trackback and remote access on mobile devices to some users.

As reported on CSOOnline, the attackers essentially bypass caching and various protections built into the popular WordPress engine by calling for pages that don’t exist. Since no cached versions of the link will be available, this forces the server to work significantly harder to generate the dynamic responses, bringing it to a state of resource exhaustion more quickly. You can find the original report of this attack outlined in Securi’s blog entry here.

Not everyone considers the abuse of XML-RPC a threat however. In a statement to IDG News, Matt Mullenweg, the co-founder of WordPress noted that the “tradeoff” in pingback’s design has been there for a decade.

“It’s seldom used outside of experimentation because it gets shut down by anti-spam providers like Akismet or web hosts when used at any scale, and there are cheaper, easier and more effective ways to DDOS sites,” says Mullenweg. “That’s why no serious attacks (above 2gbps) use it.”

Still, wary administrators and website owners looking to disable their XML-RPC on their WordPress installations can check out the tips here.


See The Original Story click here

1 Comment

  1. I do not know whether it’s just me or if perhaps
    everyone else experiencing problems with your site. It appears as though some of the written text on
    your content are running off the screen. Can someone else please comment
    and let me know if this is happening to them as well?
    This could be a issue with my web browser because I’ve had this happen before.

    Feel free to visit my site: garcinia cambogia diet

Comments are closed.