DoS attack

A easy yet serious application-level denial of service(DoS) vulnerability is discovered in WordPress CMS platform. That could allow any one to take down your website easily. Every wordpress website is under this vulnerability and still remain unpatched.

Thank you for sharing, it’s always good to stay on top of security vulnerabilities (and to keep your software up to date)!

I did some digging into this issue as well, but I think “serious vulnerability” is a bit overstated.

As far as I can tell, this “vulnerability” simply means that someone can fire a lot of requests on your site and make it run out of resources as all scripts need CPU power and memory to run. If so, this “vulnerability” applies to any file in any script in any programming language, because it’s inherently how the web works.

That said, this issue is mitigated on InfinityFree by the browser validation system. That security system makes sure that your website can only be accessed by real browsers from real people, not spam bots. That makes it a lot harder for hackers to exploit this “vulnerability”.