How To Protect WordPress from XML-RPC Attacks

BillEssley

Well-known member
Registered
Joined
Feb 19, 2013
Messages
358
Points
28
The problem if your site is receiving XML-RPC attacks is not new, but recently a lot of people are attacked in this way. Therefore, if you do not currently need to connect to the WordPress service or external applications, then disable XML-RPC to avoid the risk of attacking in this form.

Ways to limit attacks through XMLRPC

To limit the attack in this form, there is a simple way is block this file by not allow to execute it. Note you should not delete it because it is part of the WordPress source code, which can cause errors or when you update latest version it will be back hence block it is the most optimal way.

Block xmlrpc.php on .htaccess

If you are using a shared hosting or install Apache server, then insert the following into your .htaccess file in the root directory of the website.

Code:
<files xmlrpc.php>
 order allow,deny
 deny from all
</files>
Block xmlrpc.php on NGINX

Code:
location = /xmlrpc.php {
 deny all;
 access_log off;
 log_not_found off;
}
Retart NGINX

Code:
service nginx restart
Hope that helped!
 
Older Threads
Replies
1
Views
1,868
Replies
5
Views
3,938
Replies
7
Views
2,761
fwh
Latest Threads
Replies
1
Views
21
Replies
0
Views
33
Replies
1
Views
39
Recommended Threads
Replies
0
Views
1,920
Replies
4
Views
7,531
Replies
6
Views
4,280

Latest Hosting OffersNew Reviews

Sponsors

Tag Cloud

You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.

Top