Block XMLRPC

  • Resolved bvigorda

    (@bvigorda)


    9 years, 2 months ago

    Hello,

    I made a donation, but not the higher amount that gives the auto-scanning feature. I see the below at the scan page, but I don’t understand it. Does it mean it is enabled for anyone with any amount of a donation and the plugin is blocking access to the XMLRPC file? In other words, I’m protected from the hacking? It just looks different than the features immediately above and below it and it isn’t clear to me that it’s working on my site.
    Thank you

    Allow/Block XMLRPC Access (Currently Allowed) This feature is available to those who have donated!

    Most WordPress site do not use the XMLRPC features and hack attempt on the xmlrpc.php file are more common then ever before. Even if there are no vulnerabilities for hackers to exploit these attempts can cause slowness or downtime similar to a DDoS attack. This patch automatically blocks all external access to the xmlrpc.php file.

    https://www.ads-software.com/plugins/gotmls/

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Eli

    (@scheeeli)

    You are now able to block all access to the xmlrpc.php with my plugin. Just click the button to the right to block that DIOS attack on you XMLRPC.

    The automatic updates are currently only available to those who have donated at least $29, this is to help me cover the cost of my new definition update server.

    Please let me know if you have any further questions.

    Aloha, Eli

    Thread Starter bvigorda

    (@bvigorda)

    Hi Eli,

    Thanks for your reply.

    I guess that means I do have it enabled since there isn’t any button to the right. I remember trying to enable it before. It just doesn’t have a green box with a check mark to the left of it like the others so I wasn’t sure. Here’s a screenshot to see what I mean:

    https://snag.gy/D7fd8.jpg

    Thank you,
    Gail

    Plugin Author Eli

    (@scheeeli)

    I put a Question Mark on this option because I though that a Check Mark for Blocking access could be confusing. I can see it is still confusing so I will explain it better and make it easier to understand in my next release.

    Your screenshot shows “Allow/Block XMLRPC Access (Currently Allowed)” which means that Access to your XMLRPC is Currently Allowed, not Blocked.

    You have two different keys for your site, one for http and one for https, each one is registered under a different email address. You have donated under the account that uses the http, not the https site. You could just take off the “s” and click the “Block XMLRPC Access” button on the http page, or you could login to my stie and transfer your https registration to the other account so that the donation is applicable to both sites.

    Thread Starter bvigorda

    (@bvigorda)

    Worked like a charm Eli – thank you!

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Block XMLRPC’ is closed to new replies.