How to block xmlrpc while only allowing JetPack

  • Resolved wpmhweb

    (@wppit)


    4 years, 3 months ago

    I have xmlrpc enabled because of JetPack, and even though, I have bruce force enabled and fail2ban, I’m still getting a lot of unwanted requested to the xmlrpc slowing down the site.

    I’ve been looking to block xmlrpc allowing only JetPack, but even after including all the IP addresses available in the WordPress documentation (https://jetpack.com/support/hosting-faq/#jetpack-whitelist), JetPack is still getting blocked. When I go to the WordPress.com and I want to check the stats the site has red icon indicating a problem, when I remove the code below, everything works.

    So, now I would like to share the code I added to htaccess to see if anyone can help me figure out what I’m doing wrong to block xmlrpc while allowing only JetPack to work. 

    
<Files xmlrpc.php>
Order allow,deny
Allow from 122.248.245.244/32
Allow from 54.217.201.243/32
Allow from 54.232.116.4/32
Allow from 192.0.80.0/20
Allow from 192.0.96.0/20
Allow from 192.0.112.0/20
Allow from 195.234.108.0/22
Allow from 192.0.96.202/32
Allow from 192.0.98.138/32
Allow from 192.0.102.71/32
Allow from 192.0.102.95/32
Deny from all
Satisfy All
ErrorDocument 403 https://127.0.0.1/
</Files>
    • This topic was modified 4 years, 3 months ago by wpmhweb.
Viewing 1 replies (of 1 total)
  • Plugin Support lizkarkoski

    (@lizkarkoski)

    Hi –

    What is the site URL? Please make sure you have Jetpack activated on the site so we can take a closer look at the connection.

Viewing 1 replies (of 1 total)
  • The topic ‘How to block xmlrpc while only allowing JetPack’ is closed to new replies.

Tags