Category: Security

How easy is it to impersonate someone in a comment? Very much so: all I need to do is claim that I am Barack Obama (insert any other celeb) and no one can prove that it…

What is wrong with having a listing of a user's posts at {site name}/author/{user login}? Two things: (1) It allows an attacker to easily figure out the user name he should attack. (2) It can get ugly if…

This plugin prevents the two sources of user enumeration attacks: the backward compatibility with old URL formats, and trying to be nice to users by giving detailed error messages at the login page. Not…

The WordPress login page is always located at {site url}/wp-login.php, and this makes it very easy to brute-force the login system. This plugin implements the most obvious solution to this problem and allows the…

There are two problems with how XML-RPC is implemented in WordPress: (1) Every spammer and hacker knows that the XML-RPC handler is accessible at {site address}/xmlrpc.php. (2) Functionality types which are not related to each other use…

In a multi-user environment, be it a multi-author site or a multisite/network, you might run into a situation where most of the users do not need to use XML-RPC or you just prefer…

This plugin fully disables publishing via the XML-RPC protocol for the XML-RPC publishing methods supported by WordPress core. In other words, applications like the WordPress iPhone app will not be able to publish to the…

This plugin fully disables XML-RPC support (remote publishing, trackbacks, Jetpack, whatnot) by deactivating all the registered methods (in more modern terminology, they are equivalent to endpoints in a REST-type API). A client application…

This plugin mitigates the risks associated with the XML-RPC amplification brute force attack that was reported by Sucuri. In a nutshell, the attack utilizes a fault in the definition of the part of the XML-RPC…

In version 3.5, WordPress enabled publishing via the XML-RPC protocol by default to better serve people who use smartphones and want to be able to publish to their sites. As part of the change…
