How to protect WordPress against CVE-2018-6389 DoS attacks
WP Cerber Security 6.2 brought protection against a denial of service (DoS) attack that exploits recently discovered vulnerability CVE-2018-6389
We should say that this is not a critical vulnerability and doesn’t allow a hacker to break into a victim website. It’s rather a design flaw that allows anyone to put a WordPress powered website to its knees easily. Bad actors can use it to bring your online store down. The attack can be initiated from any computer by anyone. No special knowledge or software is needed.
The protection mechanism in the plugin is disabled by default. When it’s active only authorized users have access to the load-scripts.php and load-styles.php scripts.
To enable protection against CVE-2018-6389 DoS attacks go to the Hardening tab, enable Block unauthorized access to load-scripts.php and load-styles.php and click Save Changes. After enabling this setting a set of security rules will be added to the .htaccess file and a special, known to your web server only, cookie will be set for every authorized user. Styles and scripts that are used for the standard WordPress login form will be loaded without concatenation.
Read more about CVE-2018-6389
Last posts from WordPress security blog
- How to clean up activity and live traffic logs February 16, 2018
- How to protect WordPress against CVE-2018-6389 DoS attacks February 11, 2018
- WP Cerber Security 6.2 February 7, 2018
- Traffic Inspector and logging how to February 5, 2018
- Development version 6.1.3 February 1, 2018