====== PFSense - Suricata - Alerts - ET SCAN Possible WordPress xmlrpc.php BruteForce in Progress - Response ======

XML-RPC is a feature of WordPress that enables data to be transmitted, with HTTP acting as the transport mechanism and XML as the encoding mechanism.

Since WordPress is not a self-enclosed system and occasionally needs to communicate with other systems, XML-RPC was adopted to handle that job.

The biggest issues with XML-RPC are the security concerns that arise. The issues aren’t with XML-RPC directly, but with how the xmlrpc.php file can be used to enable a brute force attack on your site.

The two main weaknesses of XML-RPC are:

  - Using brute force attacks to gain entry to your site.
    * An attacker will try to access your site using xmlrpc.php by using various username and password combinations.
    * They can effectively use a single command to test hundreds of different passwords.
    * This allows them to bypass security tools that typically detect and block brute force attacks.
  - Taking sites offline through a DDoS attack.
    * Hackers would use the pingback feature in WordPress to send pingbacks to thousands of sites instantaneously.
    * This feature in xmlrpc.php gives hackers a nearly endless supply of IP addresses to distribute a DDoS attack over.