During last few weeks I’ve witnessed repeated semi-successful attacks against WordPress sites. This attack is easy to recognize – server response is extremely slow and if you take a look at apache ‘server-status’ page you will see multiple ‘POST /wp-login.php’ requests from different IPs.
Read more »
Tag Archives: mod_rewrite
Sysadmin: How to protect WordPress against “POST /wp-login.php” attacks
Posted by admin
on 08/29/2013
No comments
.htaccess anti-RFI mod_rewrite rules
Posted by al3x
on 10/15/2010
No comments
RFI – Remote File Inclusion (or “nesting” – though last term is not so widely used, and it’s not the same as XSS I beleive) is very serious security threat – especially in webhosting environment where there is no time and manpower available to audit and vet all customers PHP scripts. Let’s see if there are other ways to reduce the threat