Intrusion Prevention



This indicates an attempt to exploit a Failed Login Response vulnerability in WordPress and WordPress MU.
The vulnerability allows a remote attacker to determine if a user account is valid from the "failed login" response. A remote attacker can send multiple user enumeration attempts in order to identify valid accounts. Detection is triggered if logins are attempted at a rate of more than about 1000 times in 10 seconds.

Affected Products

WordPress 2.8 and prior.
WordPress MU 2.7.1 and prior.


The impact of a successful attack could vary, with the worst case being a system compromise.

Recommended Actions

Adjust the threshold to your network.
Monitor the traffic from that network for any suspicious activity.
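
To help choose a threshold that suits your network, the following added example (not part of the signature or of any vendor code) replays web server access logs through a per-client sliding-window counter for POST requests to wp-login.php. It assumes time-ordered logs in combined log format; the function names and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Combined-log-format prefix: client IP, timestamp, request method and path.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def is_login_attempt(method, path):
    """True for a POST to wp-login.php, ignoring any query string."""
    return method == "POST" and path.split("?", 1)[0].endswith("/wp-login.php")


def find_login_floods(lines, threshold=1000, window_seconds=10):
    """Return {ip: first time the count in the window exceeded threshold}."""
    recent = defaultdict(deque)   # ip -> timestamps inside the current window
    alerts = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not is_login_attempt(m["method"], m["path"]):
            continue
        ts = datetime.strptime(m["ts"], TS_FORMAT)
        q = recent[m["ip"]]
        q.append(ts)
        # Drop attempts that have aged out of the sliding window.
        while (ts - q[0]).total_seconds() >= window_seconds:
            q.popleft()
        if len(q) > threshold and m["ip"] not in alerts:
            alerts[m["ip"]] = ts
    return alerts


def constructed_sample():
    """Constructed log lines: one noisy client, one ordinary user."""
    fmt = '{ip} - - [12/Mar/2024:10:00:{s:02d} +0000] "{req} HTTP/1.1" 200 512'
    noisy = [fmt.format(ip="198.51.100.7", s=i // 4, req="POST /wp-login.php")
             for i in range(24)]                      # 4 attempts per second
    user = [fmt.format(ip="203.0.113.20", s=s, req="POST /wp-login.php")
            for s in (1, 30)]
    page = [fmt.format(ip="203.0.113.20", s=2, req="GET /wp-login.php")]
    return noisy + user + page


if __name__ == "__main__":
    # Threshold lowered for the small sample; the signature's figure is the default.
    for ip, when in find_login_floods(constructed_sample(), 10, 3).items():
        print(ip, "exceeded threshold at", when.isoformat())
```

Running it over a period of known-normal traffic with progressively lower thresholds shows how far the default of 1000 attempts in 10 seconds can be tightened before legitimate clients would trigger it.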

CVE References