Webcomics.com
Potential WordPress login Exploit (via XML-RPC)

This post has been submitted by Webcomics.com member JJ Sandee, creator of Cult of Bob.

A recently publicised WordPress attack technique has been going around that you should at the very least be aware of. It is not an exploit in the sense of a backdoor that lets someone straight into your site; rather, the way one part of WordPress is built makes brute-forcing the login far cheaper for the attacker than it should be.

The short version: if you run a plugin that limits repeated failed logins, and it counts every failed attempt rather than every page load, you are pretty much safe.

Read on to understand the details.

Brute Force Attack
A brute force attack means that someone keeps trying username and password combinations until one works. Since we are dealing with computers, this is automated, and it always is: scripts simply hammer your site's login with guess after guess until they get in.

XML-RPC
XML-RPC is a remote procedure call protocol: a client POSTs an XML document describing a method call, and the server answers with XML. WordPress exposes it through the file xmlrpc.php so that content can be read and edited without going through the normal admin screens. Examples are the WordPress mobile apps and certain desktop tools that let you edit content. Some plugins use the same channel to read and write data, for both convenience and security, since every call must carry a valid username and password.

The basis of the exploit
The basic idea of the exploit is that XML-RPC allows multiple concurrent logins at once. The attack sends WordPress multiple names and passwords to try and log in. This is far more efficient than constantly reloading the login page. These scripts will either use commonly used usernames and passwords, or go through a list of farmed logins and passwords. Depending on what is available.

Motive
Unless you are a very high profile website, the primary reason to hack your site is to infect it with malware with the express purpose of further infecting other computers. These infected computers will then go on the hack or infect other computers. The general term for this is a Botnet (network of robots) and they tend to run entirely automated once started.

Solutions
One way is to turn XML-RPC off entirely, but that can break your site: the WordPress mobile apps, Jetpack, pingbacks and various other plugins rely on it. A better method, already discussed in previous security-related posts here, is to limit the number of failed logins with a plugin such as Wordfence. (Note: I am not affiliated with this plugin, merely pointing it out as being good.) The login function goes through the same code whether the request came in via XML-RPC or the login page, so a limiter hooked into WordPress's authentication sees both. Do check that yours counts every failed attempt rather than every HTTP request, because a single multicall request can carry hundreds of attempts. A quick way to tell whether you are being hit is to look in your web server's access log for bursts of POST requests to xmlrpc.php from one address.
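As an added example (my code, not from the original post, nor from Wordfence or WordPress core), here is a small must-use plugin that does the two things the section above calls for: it removes system.multicall so that one request can no longer carry many logins, and it locks out an address after a run of failed logins, counting every attempt whether it arrived through wp-login.php or xmlrpc.php. The blunt option of switching XML-RPC off is shown commented out. Assumptions: a budget of 5 failures per 15 minutes, the client address taken from REMOTE_ADDR (behind a proxy or CDN that is the proxy's address, so use the header your proxy sets instead), and function and constant names that are mine. For context, WordPress 4.4, released two months after this post, also stops evaluating a multicall after the first failed login inside it, which blunts the amplification on its own.

```php
<?php
/*
Plugin Name: XML-RPC login hardening (added example)
Description: Drops system.multicall and locks out an address after repeated failed logins.
*/
// Added example, not part of the original post, Wordfence, or WordPress core.
// Install as wp-content/mu-plugins/xmlrpc-login-hardening.php.

const XLH_MAX_FAILURES = 5;       // assumed budget of failed logins per address
const XLH_WINDOW_SECS  = 15 * 60; // assumed counting and lockout window

// Client address. Assumes no reverse proxy; behind one, read the header it sets.
function xlh_client_ip(): string
{
    return $_SERVER['REMOTE_ADDR'] ?? '0.0.0.0';
}

function xlh_transient_key(string $ip): string
{
    return 'xlh_fail_' . md5($ip);
}

// Blunt option from the post: turn XML-RPC off entirely. Breaks the mobile apps,
// Jetpack and pingbacks, so it is left disabled here.
// add_filter('xmlrpc_enabled', '__return_false');

// Narrower option: keep XML-RPC but remove the one method that bundles many
// logins into a single request.
add_filter('xmlrpc_methods', function (array $methods): array {
    unset($methods['system.multicall']);
    return $methods;
});

// Count every failed login. WordPress fires this action for both wp-login.php
// and xmlrpc.php, because both paths go through wp_authenticate().
add_action('wp_login_failed', function ($username): void {
    $key   = xlh_transient_key(xlh_client_ip());
    $count = (int) get_transient($key);
    set_transient($key, $count + 1, XLH_WINDOW_SECS);
});

// Refuse to authenticate a locked-out address. Priority 30 runs after the
// username/password and e-mail checks (priority 20), so a WP_Error returned
// here overrides even a correct guess; that failure is counted too, which
// extends the lockout while the guessing continues.
add_filter('authenticate', function ($user, $username, $password) {
    $count = (int) get_transient(xlh_transient_key(xlh_client_ip()));
    if ($count >= XLH_MAX_FAILURES) {
        return new WP_Error(
            'xlh_locked_out',
            sprintf('Too many failed logins; try again in %d minutes.', XLH_WINDOW_SECS / 60)
        );
    }
    return $user;
}, 30, 3);
```

Transients are used for the counter because they need no extra table and expire on their own; on a site with a persistent object cache they live there instead of in the database. A plugin such as Wordfence does the same counting with more bookkeeping (per-user as well as per-address limits, and notifications), so this is not a replacement for one, only a demonstration of where in WordPress such a limiter hooks in.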

Future
Because WordPress is so widely used, it is a popular target for spreading malware. Things like this will keep popping up, but because WordPress has such a large community, fixes are released quickly. Keep up with updates, and keep an eye on new threats as they appear.

by JJ Sandee on October 13, 2015
Posted In: Uncategorized
©2007-2021 Webcomics.com | Powered by WordPress with ComicPress | Subscribe: RSS | Back to Top ↑