Disable xmlrpc.php

Thanks to the Simple History plugin, the first thing I noticed on my new WordPress install was hundreds of brute-force login attempts:

Anonymous user from x.x.x.x 4:25 pm (less than a minute ago)              Failed to login with         username "dougie" (incorrect password entered) warning       Showing 212 more     

And then more alarmingly, immediately the same thing on a new test user I set up a few minutes later. Of course, just because frustratingly I can’t work out how the attacker extracts the new WP username immediately doesn’t mean it ain’t happening. But the attack vector, so to speak, was the xmlrpc.php file.

Several ways to tackle this, and initially I used a security plugin to fix it. But given the choice, I’d rather do things like this manually so I have a better idea what’s going on, and maybe learn something too.

I pasted the code suggested from https://www.hostinger.com/tutorials/xmlrpc-wordpress into my .htaccess file:

    # Block WordPress xmlrpc.php requests
    <Files xmlrpc.php>
    order deny,allow
    deny from all
    allow from xxx.xxx.xxx.xxx
    </Files>

changing the allow from to the static IP for my regular connection, although strictly speaking I don’t think I need that and will try taking it out altogether sometime.

(Visited 8 times, 1 visits today)

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.