MainWP Blog - attacks

If you are running the WooCommerce plugin for ecommerce functionality on your WordPress site but have noticed an uptick in origin-unknown failed orders. These fraud orders can be a pain to deal with, and you have to manually review and clear out 60 to 80 orders per week or even more frequently, depending on how much of an issue it ends up being on the site. A card testing attack in WooCommerce occurs when fraudsters use an online store’s payment Continue reading the post...

Distributed Denial of Service (DDoS) attacks pose a significant threat to the online world, targeting websites and servers intending to disrupt normal operations. These attacks work by flooding the target with overwhelming traffic from multiple sources, rendering the service inaccessible to legitimate users. In essence, DDoS attacks can cause severe damage to businesses and organizations, leading to revenue loss, damage to reputation, and erosion of customer trust. Understanding the mechanics of DDoS attacks is crucial in devising effective defense strategies. Continue reading the post...

WordPress in its core has a function called XML-RPC, which a limited number of plugins still use like Jetpack. More plugins used to use it when the only method would have been to use the XML-RPC. Most plugins now use the WordPress REST API to connect to a site to pull data from it, by either read or write access. XML-RPC is still targeted for brute force attacks on WordPress sites. A number of CDNs like Cloudflare and Sucuri will Continue reading the post...