WordPress Vulnerable to XML-RPC Hack

You wouldn’t park your car in New York City and leave it unlocked while you got lunch, would you? Hopefully you’re not doing the same thing with your WordPress website either. There is a new exploit making its rounds on the Internet, and it’s something you need to know about. It’s called a brute force attack, which you may already have heard of. However, this is no ordinary problem. This time, hackers have found a way to try multiple logins against your WordPress administration area at the same time, using something called the XML-RPC protocol. Let’s take a look at what that means for you.

A Brute Force Attack on Steroids

In a normal brute force attack, a malicious program goes to the login area of a website and begins to try different usernames and passwords. WordPress does not limit the number of invalid login attempts. The malicious program will continue guessing until it gains access to your WordPress administration area. Your site then belongs to the hackers. Some “secured” WordPress installations limit the number of login attempts, but even some of these are vulnerable to this new attack vector.

Hackers found a way to inject more guesses into every try. Now, instead of only being able to try one username and password combination per guess, a hacker can try hundreds or even thousands. Previously, the limiting factor for hackers was the amount of time it took to send a single username and password combination to your site, over and over. Now, with the ability to send thousands of combinations at one time, your site can be hacked in seconds. Even with a good password, your WordPress site is vulnerable.

Protecting Against This Attack

The good news is that protecting against this kind of hack isn’t difficult. Superiocity offers a comprehensive WordPress Management Plan. For just $30 a month you can ensure that your website is protected. No hassles and no worries. Not only will your website be protected, but you’ll also get lots of other great services like daily off-site backups, automatic updates for your plugins and daily security scans.

Of course, you should also protect yourself by changing your password. The longer and less logical, the better. Brute force attacks often start guessing passwords based on known words. These are called dictionary attacks, and they are a common method employed by hackers. If your password makes no sense, then there is less chance that a computer is going to be able to guess it.
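Login limiters that count one attempt per request miss the batching described above, so a useful check is to count how many calls a single XML-RPC request carries. The following is an added example, not code from WordPress or Superiocity: it assumes the batching uses the standard XML-RPC `system.multicall` method (which this page does not name), and the thresholds, function names and sample bodies are constructed for illustration.

```python
import xml.etree.ElementTree as ET
import xmlrpc.client

MAX_BUNDLED_CALLS = 5        # assumed policy: largest batch a legitimate client needs
MAX_BODY_BYTES = 256 * 1024  # assumed cap on request body size


def bundled_call_count(body: bytes) -> int:
    """Return how many method calls one XML-RPC request body carries."""
    if len(body) > MAX_BODY_BYTES:
        raise ValueError("body too large")
    # XML-RPC never needs a DTD; refusing one avoids entity-expansion tricks.
    if b"<!DOCTYPE" in body or b"<!ENTITY" in body:
        raise ValueError("DTD not allowed")
    root = ET.fromstring(body)
    if root.tag != "methodCall":
        raise ValueError("not an XML-RPC call")
    method = (root.findtext("methodName") or "").strip()
    if method != "system.multicall":
        return 1
    # The batch is one array parameter; each top-level <value> is one wrapped call.
    return len(root.findall("./params/param/value/array/data/value"))


def inspect_request(body: bytes, limit: int = MAX_BUNDLED_CALLS) -> str:
    """Decide whether a request body stays within the batch limit."""
    try:
        calls = bundled_call_count(body)
    except (ValueError, ET.ParseError):
        return "reject: malformed"
    if calls > limit:
        return f"reject: {calls} bundled calls"
    return f"allow: {calls}"


def sample_body(n: int) -> bytes:
    """Constructed test input: n harmless system.listMethods calls."""
    if n == 1:
        return xmlrpc.client.dumps((), methodname="system.listMethods").encode()
    batch = [{"methodName": "system.listMethods", "params": []} for _ in range(n)]
    return xmlrpc.client.dumps((batch,), methodname="system.multicall").encode()


if __name__ == "__main__":
    for n in (1, 3, 500):
        print(n, inspect_request(sample_body(n)))
```

The count returned by `bundled_call_count` can also be fed to an existing login-attempt limiter so that every bundled call is charged as one attempt.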

As programmers become more aware of this exploit, there will be patches and updates to take care of the problem. However, we can never know what future hack will be discovered. That’s why it’s always a good idea to sign up for a service that guarantees your website is protected. Check out Superiocity’s full lineup of web hosting services, and ensure that your website is in good hands.  