Category: Security
Prevent impersonation of registered users in the comments
How easy is it to impersonate someone in a comment? Very easy: all I need to do is claim that I am Barack Obama (insert any other celeb) and no one can prove that it…
User display name as slug (instead of login name)
What is wrong with having a listing of a user's posts at {site name}/author/{user login}? Two things: it allows an attacker to easily figure out the user name he should attack, and it can get ugly if…
Prevent User Enumeration Attacks
This plugin prevents the two sources of user enumeration attacks: backward compatibility with old URL formats, and trying to be nice to users by giving detailed error messages on the login page. Not…
Rename login page URL to fight brute force attacks
The WordPress login page is always located at {site url}/wp-login.php, which makes it very easy to brute-force the login system. This plugin implements the most obvious solution to this problem and allows the…
Rename the XML-RPC and Pingback URLs
There are two problems with how XML-RPC is implemented in WordPress. Every spammer and hacker knows that the XML-RPC handler is accessible at {site address}/xmlrpc.php. Functionality types which are not related to each other use…
Enable XMLRPC Access Per User
In a multi-user environment, be it a multi-author site or a multisite/network, you might run into a situation where most of the users do not need to use XML-RPC or you just prefer…
Disable XML-RPC publishing
This plugin fully disables publishing via the XML-RPC protocol for the XML-RPC publishing methods supported by WordPress core. In other words, applications like the WordPress iPhone app will not be able to publish to the…
Fully disable XML-RPC
This plugin fully disables XML-RPC support (remote publishing, trackbacks, Jetpack, whatnot) by deactivating all the registered methods (in more modern terminology they are equivalent to endpoints in a REST-type API). A client application…
XML-RPC brute force amplification attack Cure
This plugin mitigates the risks associated with the XML-RPC amplification brute force attack that was reported by Sucuri. In a nutshell, the attack utilizes a fault in the definition of the part of the XML-RPC…
Control publishing via XML-RPC, multisite/network edition
In version 3.5 WordPress enabled publishing via the XML-RPC protocol by default, to better serve people who use smartphones and want to be able to publish to their sites. As part of the change…