The month of February brought yet another scare to the hosting world. A WordPress vulnerability was exposed which allowed hackers to initiate what is known as a denial of service (DoS) attack on ones website. Ultimately, under a DoS attack, your website becomes unreachable by anyone including you. The technical understanding of performing the DoS attack is rather simple.The flaw begins under the well-known “/wp-admin” directory. Every WordPress site is assigned this path as an administrative source. It was discovered that while loading this path there exists a script which fetches a number of JS/CSS files. This can be a heavy load on the server when performed repeatedly. Of course, DoS attacks found their roots and hackers began exposing this exact flaw. Due to its simplicity, the population of attempts are greatly increased and essentially adds more to the scare. Fortunately, any downtime is not acceptable by InterServer.
InterServer was able to mitigate these attacks through mod_sucurity. Therefore, it is NOT possible to exploit this on our shared hosting services. While there is an alternative for individuals who may not have their site hosted with InterServer, it is not guaranteed success. The alternative is to modify the “/wp-admin” as a sub-directory which will free you against common WordPress admin scans.
As an InterServer customer, you can rest assured that your WordPress site will be safe from the newly exploited DoS attack flaw.