A Look at the New WordPress Brute Force Amplification Attack

Published on by Pasha Kravtsov.

Recently, a new brute force attack method for WordPress instances was identified by Sucuri. This latest technique allows attackers to try a large number of WordPress username and password login combinations in a single HTTP request. The vulnerability can easily be abused by a simple script to try a significant

Of Phishing Attacks and WordPress 0days

Published on by Marc Rogers.

Proxying around 5% of the Internet’s requests gives us an interesting vantage point from which to observe malicious behavior. However, it also makes us a target. Aside from the many and varied denial of service (DDoS) attacks that break against our defenses, we also see huge number of phishing

Flexible SSL & Wordpress: Fixing “Mixed Content” Errors

Published on by David Fritsch.

As many are aware, CloudFlare launched Universal SSL several months ago. We saw lots of customers sign up and start using these new, free SSL certificates. For many customers that didn’t already have an SSL certificate, they were able to use “Flexible SSL”. Flexible SSL creates a secure (HTTPS)

Automatic protection for common web platforms

Published on by John Graham-Cumming.

If you are a CloudFlare Pro or above customer you enjoy the protection of the CloudFlare WAF. If you use one of the common web platforms, such as WordPress, Drupal, Plone, WHMCS, or Joomla, then it's worth checking if the relevant CloudFlare WAF ruleset is enabled. That's because CloudFlare pushes