Disable xmlrpc.php

  • Resolved Foliferous

    (@revs)


    1 year, 3 months ago

    Hello,

    our site was victim of a brute force attack (and I believe other attacks). I was told by our provider to disable xmlrpc.php, amongst other suggestions.

    I see that WordFence, in “Logic security settings”, has this checkbox called “Disable XML-RPC authentication“.

    I just wanted to ask if this does the same as disabling xmlrpc.php in .htaccess, e.g. through a piece of code like:

    <Files "xmlrpc.php">
  Require all denied
</Files>

    Thank you!

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support wfphil

    (@wfphil)

    Hi @revs

    Our option for disabling login attempts via the XML-RPC interface is done via PHP and not via a .htaccess file.

    Thread Starter Foliferous

    (@revs)

    Thanks @wfphil!

    Okay, that’s good to know. But it’s the same thing, right? I’m not expert and was just told by my hosting provider to disable xmlrpc.php.

    Since our site was hacked and I had no access to the WP admin panel, I wanted to do it via .htaccess.

    The brute force attack has ended now, so I can access the admin panel again.

    Since Wordfence already disables xmlrpc.php, there’s no need to disable it manually through .htaccess, right? I suppose it’s the same thing?

    Thank you once more ??

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Disable xmlrpc.php’ is closed to new replies.