Go-based Botnet GoTrim Targeting WordPress Sites

GoTrim uses several techniques to evade anti-bot checks and get past some of the less complex botnet mitigations. It uses a Mozilla Firefox user-agent with the same gzip, deflate, and Brotli content encoding algorithms. The malware also attempts to detect CAPTCHA security plugins and can solve the challenges for some of them. If it cannot bypass a security plugin, the botnet is globally updated with a “skip” for that domain. Interestingly, any website containing “1gb.ru” in the page content also receives a “skip”.
Protecting WordPress installations is crucial: as one of the most popular CMS solutions, WordPress receives a significant amount of attention from threat actors. Users can protect their WordPress sites by using Web Application Firewalls (WAF), obfuscating admin login pages, and using strong passwords. For a more exhaustive list of security measures, wpbeginner.com has created a comprehensive guide to securing WordPress installations: https://www.wpbeginner.com/wordpress-security/
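
An added example, not taken from this page or from Fortinet's analysis: because the bot presents a browser-like Firefox user-agent, filtering on the user-agent alone does not separate it from real visitors, so this Python code counts failed wp-login.php POSTs per source in a web access log instead. The log lines, IP addresses, user-agent string, threshold and window are constructed, and it assumes default WordPress behaviour (HTTP 200 on a failed login, 302 on success).

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined Log Format: client IP, timestamp, request line, status, size, referer, user-agent.
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def failed_logins(lines):
    """Yield (ip, time, user_agent) for POSTs to wp-login.php answered with 200.
    Assumption: default WordPress re-renders the form (200) on failure, redirects (302) on success.
    """
    for line in lines:
        m = LINE.match(line)
        if not m or m["method"] != "POST" or m["status"] != "200":
            continue
        if m["path"].split("?")[0].endswith("/wp-login.php"):
            yield m["ip"], datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"), m["ua"]

def flag_bruteforce(lines, threshold=5, window=timedelta(minutes=5)):
    """Return {ip: peak_count} for sources with >= threshold failures inside one window."""
    per_ip = defaultdict(list)
    for ip, ts, _ua in failed_logins(lines):
        per_ip[ip].append(ts)
    flagged = {}
    for ip, times in per_ip.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the window's left edge forward
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = max(flagged.get(ip, 0), end - start + 1)
    return flagged

# Constructed sample log: documentation-range IPs, same browser-like Firefox UA on every line.
UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:108.0) Gecko/20100101 Firefox/108.0"
def _line(ip, sec, status):
    return (f'{ip} - - [14/Dec/2022:10:00:{sec:02d} +0000] '
            f'"POST /wp-login.php HTTP/1.1" {status} 4523 "-" "{UA}"')

SAMPLE = [_line("203.0.113.7", s, 200) for s in range(0, 12, 2)]              # 6 failures in 10 s
SAMPLE += [_line("198.51.100.20", 30, 200), _line("198.51.100.20", 45, 302)]  # one typo, then success

if __name__ == "__main__":
    print(flag_bruteforce(SAMPLE))
```

Both sources send the identical user-agent; only the failure rate distinguishes them, which is the signal a WAF or login rate limiter would act on.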

https://www.fortinet.com/blog/threat-research/gotrim-go-based-botnet-actively-brute-forces-wordpress-websites