Tag: wordpress

Vulnerabilities

Black box WordPress vulnerability scanner

WPScan is a black box WordPress vulnerability scanner. WPSCAN ARGUMENTS –update Update the database to the latest version. –url | -u The WordPress URL/domain to scan. –force | -f Forces WPScan to not check if the remote site is running WordPress. –enumerate | -e [option(s)] Enumeration. option : u usernames from id 1 to 10 …

Brute-force, News

Global WordPress brute force attack

The last few days there is an on-going and highly-distributed, global attack on WordPress installations across virtually every web host in existence.  This attack is well organized and distributed. http://blog.hostgator.com/2013/04/11/global-wordpress-brute-force-flood/ http://blog.cloudflare.com/patching-the-internet-fixing-the-wordpress-br To protect your blog, remove default admin account and create a new one with a different username change your administrator password install a captcha …