In today’s video, we explain what XMLRPC is and how it can be used in attacks against your WordPress site. We explore two different methods to prevent this attack.
XMLRPC is a feature that WordPress uses to provide pingback functionality, remote access functionality, or cross-site functionality.
Most of the time it is not needed, and attackers can take advantage of its presence with an XMLRPC attack and bring your entire website down.
Method 1: Using code snippet in functions.php
Place this code snippet in your functions.php file or another globally included script:
add_filter('xmlrpc_enabled', '__return_false');
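That’s it! WordPress will now reject XMLRPC methods that require authentication. Note that this filter does not turn off pingbacks or other methods that need no login, so use Method 2 if you want xmlrpc.php blocked entirely.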
Method 2: Using .htaccess
Use .htaccess rules so that the web server refuses to serve the xmlrpc.php file.
Edit your .htaccess file and place the following directive at the bottom:
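# Deny every request for xmlrpc.php.
# This is Apache 2.2 syntax; on Apache 2.4 without mod_access_compat,
# replace the two lines inside the block with: Require all denied
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>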
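
To confirm which state your own site is in after applying either method, the following added example (not part of the original post) sends the standard system.listMethods XML-RPC call to xmlrpc.php and classifies the reply. The verdict names and the script name check_xmlrpc.py are assumptions made for this example.

```python
import sys
import urllib.error
import urllib.request
import xmlrpc.client

# Standard XML-RPC introspection call; it needs no credentials.
LIST_METHODS = xmlrpc.client.dumps((), methodname="system.listMethods")


def classify(status, body):
    """Turn an HTTP status and response body from xmlrpc.php into a verdict."""
    if status in (401, 403, 404):
        return "blocked"             # web server refuses the file (Method 2)
    try:
        (methods,), _ = xmlrpc.client.loads(body)
    except xmlrpc.client.Fault:
        return "reachable"           # endpoint answered with an XML-RPC fault
    except Exception:
        return "unknown"             # not an XML-RPC reply (error page, redirect)
    if not isinstance(methods, list):
        return "unknown"
    if any(str(m).startswith("pingback.") for m in methods):
        return "reachable-pingback"  # the state Method 1 alone leaves behind
    return "reachable"


def probe(site):
    """POST system.listMethods to <site>/xmlrpc.php and classify the reply."""
    req = urllib.request.Request(
        site.rstrip("/") + "/xmlrpc.php",
        data=LIST_METHODS.encode(),
        headers={"Content-Type": "text/xml"},
    )
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return classify(resp.status, resp.read())
    except urllib.error.HTTPError as err:
        return classify(err.code, err.read())


if __name__ == "__main__":
    # Usage: python check_xmlrpc.py https://your-site.example
    print(probe(sys.argv[1]))
```

A result of "blocked" means the .htaccess rule is in effect; "reachable-pingback" means the endpoint still answers and still advertises pingback methods.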