How To Protect WordPress from XML-RPC Attacks

BillEssley

BillEssley

Well-known member
Registered
Joined
Feb 19, 2013
Messages
358
Points
28
The problem if your site is receiving XML-RPC attacks is not new, but recently a lot of people are attacked in this way. Therefore, if you do not currently need to connect to the WordPress service or external applications, then disable XML-RPC to avoid the risk of attacking in this form.

Ways to limit attacks through XMLRPC

To limit the attack in this form, there is a simple way is block this file by not allow to execute it. Note you should not delete it because it is part of the WordPress source code, which can cause errors or when you update latest version it will be back hence block it is the most optimal way.

Block xmlrpc.php on .htaccess

If you are using a shared hosting or install Apache server, then insert the following into your .htaccess file in the root directory of the website.

Code: 
<files xmlrpc.php>
 order allow,deny
 deny from all
</files>
Block xmlrpc.php on NGINX

Code: 
location = /xmlrpc.php {
 deny all;
 access_log off;
 log_not_found off;
}
Retart NGINX

Code: 
service nginx restart
Hope that helped!
 
You must log in or register to reply here.
Older Threads
ZenHosting
Top-value, feature-packed cPanel web hosting from just 4.99 AUD / mo
Replies
0
Views
1,717
ZenHosting
Alex_smith
What is the difference between Apache and Nginx?
Replies
1
Views
2,075
VirtuBox
coredump
Vultr Cloud Compute is Down!
Replies
5
Views
4,278
enomyn
Andy11
Greetings!
Replies
7
Views
2,997
fwh
Sean101
How to create and use SSH Key?
Replies
6
Views
5,781
BillEssley
Newer Threads
BillEssley
Each website has a unique address?
Replies
4
Views
3,329
StackNetwork
Kaz Wolfe
How to make Apache .htaccess file to be worked with Nginx?
Replies
4
Views
4,579
AlphaNine Vini
Gmeister4
What is EasyEngine and its functions?
Replies
9
Views
9,556
circles
Gonzalo
How to Configure Nginx for Wordpress
Replies
2
Views
2,308
VirtuBox
Emily Routledge
How do I get started on learning web designing?
Replies
12
Views
5,412
Fusion Arc Hosting
Latest Threads
M
Need suggestions about dedicated servers
Replies
0
Views
117
marylouis
Jinendra Khobare
Hello!
Replies
0
Views
65
Jinendra Khobare
B
HELLO ALL MEMBER
Replies
0
Views
57
BestWarez
J
Jtti Black Friday Special: Hong Kong VPS Cloud Servers Starting at $4.16/Month with Up to 70% Discount
Replies
1
Views
177
marylouis
S
I'm unable to buy domain name from OVH.com
Replies
1
Views
87
BlueLeaf
Recommended Threads
HostBastic
OFFER $1.99 /Mo - Back to School Special | Pure SSD | DDoS Protected | PayPal & BitCoin | 1-Month-FREE
Replies
2
Views
2,356
HostBastic
MilesWeb
OFFER [MilesWeb] WordPress Hosting | Free WP Migration | Managed WordPress | 40% OFF On All Billing Cycle
Replies
0
Views
1,879
MilesWeb
fromrachel
What is a Webmaster and How to become a professional Webmaster?
Replies
1
Views
3,211
Maxwell
J
which Hosting Type is the best for beginners?
Replies
8
Views
1,343
HostShark
mattnz
How to configure a Dedicated Server?
Replies
3
Views
3,294
LJSHost
Similar Threads
HostingWaves
SSD storage with 100% Discount for 3 mo+DDOS protection | WordPress stack | Free SSL |Free Migration
Replies
0
Views
1,601
HostingWaves
HostingWaves
FREE HostingWaves-Free 3 month Web Hosting+DDOS protection | WordPress stack | Free SSL | Free Migration
Replies
2
Views
2,656
HostingWaves
zwol
What is Brute Force Attack and how to protect your WordPress site?
Replies
1
Views
4,957
Dedmoi
OnaDavney
Best Way to Protect Your WordPress Blog from Malware
Replies
15
Views
5,349
Dewlance
Holly Nicole
Protect your WordPress
Replies
0
Views
2,228
Holly Nicole

Latest postsNew threads

Latest Hosting OffersNew Reviews

Popular Contributors - Past 30 Days

Sponsors

Tag Cloud

You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
  • cpanel
  • dedicated
  • free
  • hello
  • hosting
  • hosting services
  • marketing
  • offers
  • seo
  • server
  • services
  • vps
  • web
  • web hosting
  • website
  • wordpress
    • Top