According to The Hacker News, a “simple yet serious application-level Denial of Service (DoS) vulnerability has been discovered in WordPress CMS platform that could allow anyone to take down most WordPress websites even with a single machine…” Lee Munson, Security Researcher at Comparitech.com, commented below.
Lee Munson, Security Researcher at Comparitech.com:
“Just about everyone with a website of note knows that a Distributed Denial of Service (DDoS) attack is bad news for business as the flood of traffic takes the site down.
“Fortunately, such attacks are not that common since a huge amount of bandwidth is required – typically criminals instigate a DDoS by leveraging herds of zombie computers in a botnet of their own creation, or one they have paid to use.
“Thus, a new flaw in WordPress that allows websites to be knocked offline by a simple Denial of Service (DoS) attack – which requires only one machine to execute – is really bad news for owners of blogs of all sizes.
“Given no patch is available, or likely to be any time soon, the onus appears to be on bloggers to arrange their own DDoS protection through their web hosts, something that may be beyond the budgets of hobbyists and newly started businesses.
“With over a quarter of the sites on the web running on WordPress, it may be time for low-traffic bloggers to consider an alternative content management system for their wordsmithing.”