The Vulnerability as explained in https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html relies in executing high number of requests, So by temporarily applying rate limiting, the impact of this vulnerability maybe mitigated using various methods one of them is by using Modsecurity until a fix is released.

Other References:

https://wpvulndb.com/vulnerabilities/9021
https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html
https://github.com/quitten/doser.py
https://thehackernews.com/2018/02/wordpress-dos-exploit.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6389

something like this should work, but will render the site unreadable for 2 minutes for the potential attacker in case of a match 🙂

SecAction "id:1234,initcol:ip=%{REMOTE_ADDR},nolog,pass"
SecRule REQUEST_URI "wp-admin\/load.*load" "id:1235,nolog,pass,chain,setvar:ip.scriptloadingattempts=+1,expirevar:ip.scriptloadingattempts=120"
SecRule RESPONSE_STATUS "@eq 200"
SecRule REQUEST_URI "wp-admin\/load.*load" "id:1236,phase:1,deny,log,status:403,chain"
SecRule IP:SCRIPTLOADINGATTEMPTS "@gt 25"

So, By breaking down the last lines of code,

The 1st part/line will create a persistent variable to store data across sessions based on the source IP
SecAction "id:1234,initcol:ip=%{REMOTE_ADDR},nolog,pass"

The 2nd will start counting the matches based on the supplied regex. The counter should reset every 2 minutes of inactivity
SecRule REQUEST_URI "wp-admin\/load.*load" "id:1235,nolog,pass,chain,setvar:ip.scriptloadingattempts=+1,expirevar:ip.scriptloadingattempts=120"
SecRule RESPONSE_STATUS "@eq 200"

The 3rd part is where We deny the requests bypassed the allowed limit
SecRule REQUEST_URI "wp-admin\/load.*load" "id:1236,phase:1,deny,log,status:403,chain"
SecRule IP:SCRIPTLOADINGATTEMPTS "@gt 25

So, the numbers mentioned above are rough estimates but they should be ok!

A similar approach should be applicable on other WAF software. ex: F5 ASM

[amazon_link asins=’B0057WCS7O,B01K04J4WU,B00PAWPZ7Q,1484204581′ template=’ProductCarousel’ store=’ipvx-21′ marketplace=’IT’ link_id=’f220b9f8-194c-11e8-8b8f-81393f846fc9′]