alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER Wordpress Login Bruteforcing Detected"; flow:to_server,established; threshold:type both, track by_src, count 5, seconds 60; http.method; content:"POST"; http.uri; content:"/wp-login.php"; nocase; http.request_body; content:"log|3d|"; content:"pwd|3d|"; classtype:attempted-recon; sid:2014020; rev:5; metadata:affected_product Wordpress, affected_product Wordpress_Plugins, attack_target Web_Server, created_at 2011_12_13, deployment Datacenter, signature_severity Major, tag Wordpress, updated_at 2020_04_22;)