DETECTION OVERVIEW

WordPress Brute Force

Risk Factors

WordPress is a popular website and blog hosting platform. Users authenticate to WordPress through a standard login page. This single point of entry is easily targeted with a simple brute force attack. After gaining unauthorized access, the attacker can take advantage of a Wordpress host with a credible reputation to maliciously send spam or launch other harmful attacks.

The system might change the risk score for this detection.

Kill Chain

Exploitation

Risk Score

Attack Background

A brute force attack is a method for finding valid credentials by guessing a user password. Working with software and pre-built or custom password lists, an attacker sends several username and password combinations to the WordPress login URI, which is wp-login.php. If an attacker guesses the right password for a given username, they could gain unauthorized access to the Wordpress site through the compromised account.

Mitigation Options

Implement a policy to lockout users after a specific number of failed authentication attempts

Implement two-factor authentication (2FA) on the WordPress host

Enforce a strong password creation policy

MITRE ATT&CK ID

T1110

Professional Services

Partners

Partner Login

Partner Finder

View All Use Cases

View All Industries

View All Integrations

Attack Background

Mitigation Options

MITRE ATT&CK ID

What else can RevealX do for you?

View our Periodic Table of use cases