Burglary protection
i_want_to_know_everything, 2017-02-13 03:51:33

Website hacking via wp-json, how to protect?

Attackers began to change the content of individual records on the site, under the admin account. Changing passwords didn't make a difference.
When viewing the logs, it was found that for all changed records there were requests like:
104.167.211.60 - - [11/Feb/2017:01:28:23 +0300] "GET //wp-json/wp/v2/posts/ HTTP/1.1" 200 136355 "-" "python-requests/2.11.1"
104.167.211.60 - - [11/Feb/2017:01:28:24 +0300] "POST //wp-json/wp/v2/posts/2119 HTTP/1.1" 200 960 "-" "python-requests/2.11.1"
104.167.211.60 - - [11/Feb/2017:01:28:26 +0300] "GET /by.htm HTTP/1.1" 404 5463 "-" "python-requests/2.11.1"
I know about disabling the REST API, and have disabled it for now.
Question:
How to protect yourself without disabling REST and access only from certain IPs?


1 answer(s)
mayor-jojo, 2017-02-13
@i_want_to_know_everything

REST API vulnerability
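
For triage of the log pattern quoted in the question, here is an added example (not part of the thread and not code from either poster) that lists which post IDs received successful write requests through the REST posts route, so the affected records can be reviewed and restored. The sample log lines, IPs and post IDs are constructed; the parser also covers the `?rest_route=` form that WordPress accepts in place of `/wp-json/`.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs

# Constructed access-log sample (combined format) modelled on the lines in the
# question; IPs come from documentation ranges and post IDs are made up.
SAMPLE_LOG = """\
203.0.113.7 - - [11/Feb/2017:01:28:23 +0300] "GET //wp-json/wp/v2/posts/ HTTP/1.1" 200 136355 "-" "python-requests/2.11.1"
203.0.113.7 - - [11/Feb/2017:01:28:24 +0300] "POST //wp-json/wp/v2/posts/2119 HTTP/1.1" 200 960 "-" "python-requests/2.11.1"
203.0.113.7 - - [11/Feb/2017:01:28:25 +0300] "POST /wp-json/wp/v2/posts/2120 HTTP/1.1" 401 120 "-" "python-requests/2.11.1"
203.0.113.7 - - [11/Feb/2017:01:28:26 +0300] "POST /index.php?rest_route=%2Fwp%2Fv2%2Fposts%2F2121 HTTP/1.1" 200 955 "-" "python-requests/2.11.1"
198.51.100.4 - - [11/Feb/2017:09:03:00 +0300] "GET /wp-json/wp/v2/posts/2119 HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+)'
    r' [^"]*" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')
POST_ITEM_RE = re.compile(r"^/wp/v2/posts/(\d+)/?$")
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}

def rest_route(target):
    """Return the REST route of a request target, or None if it is not a REST call."""
    path, _, query = target.partition("?")
    override = parse_qs(query).get("rest_route")  # non-pretty-permalink form
    if override:
        return override[0]
    m = re.match(r"/+wp-json(/.*)$", path)  # tolerate the doubled slash seen in the logs
    return m.group(1) if m else None

def rest_post_writes(log_text):
    """Map post ID -> [(timestamp, ip, user_agent)] for successful write requests."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] not in WRITE_METHODS or not m["status"].startswith("2"):
            continue  # reads and rejected writes changed nothing
        item = POST_ITEM_RE.match(rest_route(m["target"]) or "")
        if item:
            hits[int(item.group(1))].append((m["ts"], m["ip"], m["ua"]))
    return dict(hits)

if __name__ == "__main__":
    for post_id, events in sorted(rest_post_writes(SAMPLE_LOG).items()):
        for ts, ip, ua in events:
            print(f"post {post_id} written at {ts} by {ip} ({ua})")
```

Each reported ID can be compared against the post's revision history to restore the last legitimate version.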
