Denial of Service Warning with 4.9.4 on my site

  • Lorraine Gayer

    (@lorraine-gayer)


    7 years ago

    How do I resolve this? I’m running 4.9.4

    Site Lock has been giving me this warning message about my platform for days:

    Severity: Medium

    Category: dos

    Summary: WordPress <= 4.9.4 – Application Denial of Service (DoS)

    Description: Unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times.

    The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)
  • Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    Ignore it. There’s nothing for you to resolve. It’s technically a vulnerability but very hard to exploit. The security team is aware of it.

    Unfortunately, my searches to find a similar question and better answer from the forums from a few days ago is coming up empty.

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    Found it:

    From WP Security:

    Okay, so this is the DoS issue with load-scripts.php and load-styles.php: Basically, the best mitigation for this is at the network level. Hosts and WAFs can rate limit this in a way that makes a lot more sense than anything WordPress can do. Caching would also be extremely useful in this case. Something that we _could_ do is limit the number of scripts that could be loaded at once with those, but the problem with that is all it does is reduce the load by some relatively marginal amount.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Denial of Service Warning with 4.9.4 on my site’ is closed to new replies.

Tags