{"id":2876,"date":"2016-10-31T14:31:22","date_gmt":"2016-10-31T20:31:22","guid":{"rendered":"http:\/\/www.whitefirdesign.com\/blog\/?p=2876"},"modified":"2016-10-31T14:31:22","modified_gmt":"2016-10-31T20:31:22","slug":"anti-malware-security-and-brute-force-firewall-plugin-uses-non-existent-brute-force-attacks-to-get-registrations-and-donations","status":"publish","type":"post","link":"https:\/\/www.whitefirdesign.com\/blog\/2016\/10\/31\/anti-malware-security-and-brute-force-firewall-plugin-uses-non-existent-brute-force-attacks-to-get-registrations-and-donations\/","title":{"rendered":"Anti-Malware Security and Brute-Force Firewall Plugin Uses Non-Existent Brute Force Attacks To Get Registrations and Donations"},"content":{"rendered":"<p>When it comes to WordPress security, one thing we can&#8217;t emphasize enough is that people putting out security products and services for it\u00a0don&#8217;t seem to have a good grasp of security. One of the most glaring examples of this is how often the falsehood that there are lots of brute force attacks against WordPress admin passwords happening is repeated, <a href=\"http:\/\/www.whitefirdesign.com\/blog\/2016\/08\/02\/no-one-is-trying-to-brute-force-your-wordpress-admin-password\/\">despite the evidence presented that they are happening actually showing\u00a0the exact opposite<\/a>.<\/p>\n<p>Recently, while\u00a0doing <a href=\"https:\/\/www.pluginvulnerabilities.com\/category\/security-tips-for-wordpress-plugin-developers\/\">testing on how WordPress security plugins did in protecting against real world plugin vulnerabilities<\/a>\u00a0(short version, they haven&#8217;t done\u00a0well in the testing so far) for our Plugin Vulnerabilities service, we ran across the plugin\u00a0<a href=\"https:\/\/wordpress.org\/plugins\/gotmls\/\">Anti-Malware Security and Brute-Force Firewall<\/a>. 
The plugin is one of the most popular security plugins, with 100,000+ active installs according to wordpress.org.<\/p>\n<p>On the Firewalls Options page you will find that they have an option for Brute-force Protection:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-2996\" src=\"https:\/\/www.whitefirdesign.com\/blog\/wp-content\/uploads\/2016\/10\/anti-malware-security-and-brute-force-firewall-brute-force-protection.png\" alt=\"anti-malware-security-and-brute-force-firewall-brute-force-protection\" width=\"530\" height=\"190\" srcset=\"https:\/\/www.whitefirdesign.com\/blog\/wp-content\/uploads\/2016\/10\/anti-malware-security-and-brute-force-firewall-brute-force-protection.png 530w, https:\/\/www.whitefirdesign.com\/blog\/wp-content\/uploads\/2016\/10\/anti-malware-security-and-brute-force-firewall-brute-force-protection-300x108.png 300w\" sizes=\"auto, (max-width: 530px) 85vw, 530px\" \/><\/p>\n<p>So they are using a non-existent threat to try to get people to register and donate. On top of that, the protection seems to involve modifying a core file, which isn&#8217;t a very good idea.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>When it comes to WordPress security, one thing we can&#8217;t emphasize enough is that people putting out security products and services for it\u00a0don&#8217;t seem to have a good grasp of security. 
One of the most glaring examples of this is how often the falsehood that there are lots of brute force attacks against WordPress admin &hellip; <a href=\"https:\/\/www.whitefirdesign.com\/blog\/2016\/10\/31\/anti-malware-security-and-brute-force-firewall-plugin-uses-non-existent-brute-force-attacks-to-get-registrations-and-donations\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Anti-Malware Security and Brute-Force Firewall Plugin Uses Non-Existent Brute Force Attacks To Get Registrations and Donations&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[25,32],"tags":[86,89],"class_list":["post-2876","post","type-post","status-publish","format-standard","hentry","category-bad-security","category-wordpress-plugins","tag-anti-malware-security-and-brute-force-firewall","tag-brute-force-attack"],"_links":{"self":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts\/2876","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/comments?post=2876"}],"version-history":[{"count":4,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts\/2876\/revisions"}],"predecessor-version":[{"id":2998,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts\/2876\/revisions\/2998"}],"wp:attachment":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/media?parent=2876"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v
2\/categories?post=2876"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/tags?post=2876"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}