'flood to admin-post.php in wordpress
I noticed a few days ago an increase on my server load, after check a few logs I found this line "POST /wp-admin/admin-post.php HTTP/1.1" repited a lot, the request of this post is from my server ip, is that normal?.
Log has 500 lines and this post request is repited in 100 of them, I am the only admin of my wp site, is this some kind of attack?
Solution 1:[1]
This might be some kind of attack, namely a bot that is automatically trying combinations of (common) user names and passwords.
First: As long as you've got a good password, your data is safe.
I think there are many bots trying to automatically find Wordpress websites and then doing all kinds of requests to find vulnerabilities. But it could also be a misconfiguration of your server or your Wordpress configuration.
It's interesting that the request's IP is your own server IP. Can you verify that by logging in as admin with your browser and then check whether your computer's IP appears in the log? If your computer's IP does not appear, the log information is insufficient. If it does appear, it might be a next step to additionally log the posted data in order to find out if it's a bot trying out things.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Jan |