
How to stop hacking attempts on xmlrpc.php in WordPress Blogs?

by xoftmade
June 4, 2016
Blog

While monitoring my server I noticed bulk traffic to the xmlrpc.php files of the websites hosted on it. Since this is a shared server, it hosts over 40 WordPress installations, and that day I noticed a continuous attack on 8 of them: a single request to xmlrpc.php took on average 200MB to 250MB of memory, and these requests kept coming at 10 to 20 per second on each website. This made the system unstable, ran the server out of memory and eventually crashed it.

Nowadays attackers use xmlrpc.php instead of wp-login.php to run their brute-force attacks, and the problem is that since WordPress version 3.5 we can't disable xmlrpc.php, at least not from the WordPress settings. There are a few other ways, though; let's discuss them one by one.

1. Deleting xmlrpc.php
This is not recommended: every WordPress update will restore the file, so it is not the smartest way to deal with the problem.

2. Plugins
There are a few plugins that can do this for you. I have found the best and most used plugins for this purpose to be Disable XML-RPC and XML-RPC Pingback. Both plugins are really basic but should be enough to help you protect your blog / website from these attacks.

3. Adding Code to Theme’s Functions.php File
This provides the same protection as the plugins above, so you can go this way too. All you need to do is edit your theme's functions.php file and add these lines to it:

function remove_x_pingback($headers) {
    // Drop the X-Pingback header so the site no longer advertises its XML-RPC endpoint
    unset($headers['X-Pingback']);
    return $headers;
}
add_filter('wp_headers', 'remove_x_pingback');
// Tell WordPress to refuse every XML-RPC request
add_filter('xmlrpc_enabled', '__return_false');

4. Block by .htaccess
You can block access to xmlrpc.php by adding a small snippet to your .htaccess file. Edit .htaccess and put the following code in it; access will be blocked and the client will get a 403 Forbidden error.

<Files xmlrpc.php>
    # Apache 2.2 directives; on Apache 2.4 use "Require all denied" instead
    Order Deny,Allow
    Deny from all
</Files>

5. Blocking access in nginx
If you are using nginx, use the following in your nginx configuration:

server {
    # Exact-match location: every request for /xmlrpc.php gets 403
    location = /xmlrpc.php {
        deny all;
    }
}

6. Block on entire server
If you have a shared server with multiple WordPress installations, any of the above solutions will take time to implement on every site. So the best thing to do is to block access to xmlrpc.php at the Apache level, simply by adding this to the httpd.conf file:

<FilesMatch "^(xmlrpc\.php)">
    # Apache 2.2 directives; on Apache 2.4 use "Require all denied" instead
    Order Deny,Allow
    Deny from all
</FilesMatch>

On CentOS/CloudLinux servers, httpd.conf is located in /usr/local/apache/conf.

If you don't use XML-RPC then you can safely disable it using any of the methods above (except the first one, of course) and protect your blog against xmlrpc attacks.
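To spot a flood like the one described at the top of the post before it exhausts memory, and to confirm afterwards that one of the blocks above is actually answering 403, it helps to summarise the access log per client and per status code. The script below is an added example, not code from the original post; it assumes a standard Apache/nginx "combined" log format, and the log lines embedded in it are constructed sample data, not a real capture.

```shell
#!/bin/sh
# Added example: summarise xmlrpc.php requests in a "combined" access log.
# Field layout assumed: $1 = client IP, $7 = request path, $9 = HTTP status.
# The sample log below is constructed for this example; feed a real log to the
# functions on stdin instead, e.g.  xmlrpc_hits_per_ip < /var/log/httpd/access_log

SAMPLE_LOG=$(cat <<'EOF'
203.0.113.10 - - [04/Jun/2016:10:00:01 +0500] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
203.0.113.10 - - [04/Jun/2016:10:00:01 +0500] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
203.0.113.10 - - [04/Jun/2016:10:00:02 +0500] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
198.51.100.7 - - [04/Jun/2016:10:00:02 +0500] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [04/Jun/2016:10:00:03 +0500] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
203.0.113.10 - - [04/Jun/2016:10:01:10 +0500] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"
203.0.113.10 - - [04/Jun/2016:10:01:10 +0500] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"
EOF
)

# Print "count ip" for every client that requested xmlrpc.php, busiest first.
xmlrpc_hits_per_ip() {
    awk '$7 ~ /^\/xmlrpc\.php/ { hits[$1]++ }
         END { for (ip in hits) print hits[ip], ip }' | sort -rn
}

# Print "count status" for xmlrpc.php requests. After adding the .htaccess,
# httpd.conf or nginx rule the 200s should stop and only 403s should remain.
xmlrpc_status_summary() {
    awk '$7 ~ /^\/xmlrpc\.php/ { st[$9]++ }
         END { for (s in st) print st[s], s }' | sort -rn
}

# Print only the IPs whose xmlrpc.php hit count is at or above THRESHOLD.
# Usage: xmlrpc_flooders THRESHOLD < access_log
xmlrpc_flooders() {
    threshold="$1"
    xmlrpc_hits_per_ip | awk -v t="$threshold" '$1 >= t { print $2 }'
}

# Stand-alone run over the constructed sample log.
printf '%s\n' "$SAMPLE_LOG" | xmlrpc_hits_per_ip
printf '%s\n' "$SAMPLE_LOG" | xmlrpc_status_summary
printf '%s\n' "$SAMPLE_LOG" | xmlrpc_flooders 5
```

On the sample data the busiest client shows 5 hits and the status summary shows 4 responses with 200 and 2 with 403, i.e. the pattern you would see in a log that spans the moment the block was added. On a real server, run the status summary again after applying one of the methods above: any remaining 200s for xmlrpc.php mean the rule is not in effect (for example, a wrong httpd.conf path or an .htaccess that is not being read).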

Tags: wordpress fake traffic, wordpress hacking, xmlrpc.php attack
