The global popularity of WordPress makes it a juicy target for all types of hackers. One of the most common attacks on WordPress is the XML-RPC attack. In this tutorial, we’ll learn what XML-RPC is and how to block XML-RPC attacks.
What is XML-RPC attack?
XML-RPC is a remote procedure call that uses XML for encoding and HTTP for transport. WordPress is using XML-RPC for information exchange between clients on the network.
Using this functionality, the attacker can send thousands of brute-force attacks against your WordPress site in a very short time period.
The attacker will try to log in using the xmlrpc.php script with random username/password combinations many times per minute, thus affecting the brute-force attack on your WordPress site.
Another problem is that xmlrpc.php also allows the attacker to guess hundreds of password combinations using only several HTTP requests. This would also lead to a very high database load.
This could also bring your site down, displaying the “Error establishing database connection” error.
How to block XML-RPC attack?
There are several ways to block XML-RPC attacks.
1. Install one of many WordPress plugins that deal with XML-RPC
You can find a lot of plugins that do that. Like the ones on this page.
2. Block all xmlrpc.php requests in WordPress
If you’re running on an Apache web server, you can do that by inserting the following code in the .htaccess file in your WordPress website’s document root:
< Files xmlrpc.php >
order deny,allow
deny from all
< /Files >
3. Block xmlrpc.php in the Apache/Nginx configuration file
If you’re using Apache, do that by inserting the following code in your Apache configuration file:
< VirtualHost >
----------
< files xmlrpc.php >
order allow,deny
deny from all
< /files >
< /VirtualHost >
If you’re using Nginx, block xmlrpc.php by inserting the following code in your Nginx configuration file:
server {
-----------
location /xmlrpc.php {
deny all;
}
}
How to search for and find XML-RPC attacks in different Linux distributions?
On CentOS with Apache:
# grep xmlrpc /var/logs/httpd/access.log
On Ubuntu with Apache:
# grep xmlrpc /var/logs/apache2/access.log
For a server with Nginx:
# grep xmlrpc /var/logs/nginx/access.log
For a server with cPanel:
# grep xmlrpc /home/username/logs/access.log
If your WordPress site is under attack, the result of the previous commands would be similar to the following:
“POST /xmlrpc.php HTTP/1.0” 200 674 “-” “Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)”
Of course, you don’t have to do any of this if you use one of our Server Security Patches and Updates Services, in which case you can simply ask our expert Linux admins to secure WordPress and prevent XML-RPC attacks for you. They are available 24×7 and will take care of your request immediately.
PS. If you liked this post, please share it with your friends on the social networks using the buttons on the left or simply leave a comment below. Thanks.
guys can also try this, will make 403 DENIED for those xmlrpc:
https://wordpress.org/plugins/disable-xml-rpc-littlebizzy/