wp.getUsersBlogs XMLRPC Brute Force Attack/Vulnerability
After the holiday weekend, one of the larger sites I manage had a brute force attack on it. The attacker was attempting to use the wp.getUsersBlogs function and a list of popular usernames and passwords. A quick bit of research shows me that after a successful attempt this function will return whether or not the … Read more