Blog

Articles Tagged with

xml ddos attack

Home / xml ddos attack
WordPress

Disable XML-RPC in WordPress

Hackers are using the XML-RPC function in WordPress for DDoS botnet attacks as well as Brute Force attacks.

What is XML-RPC?

The XML-RPC function was originally designed to be used an intranet notification system for WordPress users. But few use it anymore due to spam.

Now it is being used primarily as a way to remote post to WordPress from mobile.

Some plugins and third-party applications use XML-RPC to deliver content from their servers to your site.

 

Do I need WordPress XML-RPC?

Most users don’t need WordPress XML-RPC functionality, and it’s one of the most common causes for exploits.

Some clients such as the official WordPress Mobile Apps and Blogger use XML-RPC requests to function.

All of the WordPress XML-RPC requests are remote POST requests to the xmlrpc.php script.

A full list of the different requests that can be made via XML-RPC can be found at XML-RPC WordPress API

 

Block WordPress xmlrpc.php requests with Disable XML-RPC Plugin

This plugin disables XML-RPC API in WordPress 4.5+, which is enabled by default.

 

Privacy Settings
We use cookies to enhance your experience while using our website. If you are using our Services via a browser you can restrict, block or remove cookies through your web browser settings. We also use content and scripts from third parties that may use tracking technologies. You can selectively provide your consent below to allow such third party embeds. For complete information about the cookies we use, data we collect and how we process them, please check our Privacy Policy
Youtube
Consent to display content from Youtube
Vimeo
Consent to display content from Vimeo
Google Maps
Consent to display content from Google
Spotify
Consent to display content from Spotify
Sound Cloud
Consent to display content from Sound