Request for informations about Traffic logging mode

  • Resolved metverre

    (@metverre)


    1 year ago

    Hi,

    I created a WordPress site and installed Wordfence plugin. To install Wordfence, I needed to install Jetpack. Do I still need to keep Jetpack for Wordfence to work ? Since today, I have received lots of alerts from Wordfence about /xmlrpc.php and /admin-ajax.php. I believe Jetpack uses /xmlrpc.php. How can I stop having these attack attempts ?

    I thank you in advance.

    Sincerely,

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @metverre, thanks for getting in touch.

    Wordfence has no requirement to install Jetpack or affiliation with it, so I’m not sure if this was perhaps assumed from a persistent notification showing at the top of your WordPress admin area while setting the site up.

    Naturally, you can continue to use Jetpack if you wish to but won’t be able to disable xmlrpc.php altogether. Comment spam through this route is common, so you can restrict it by checking the “Disable XML-RPC authentication” checkbox in Wordfence > Login Security > Settings to prevent authentication attempts through that file.

    If you decide to stop using Jetpack (and you’re also not using the WordPress app), you can disable access entirely via your .htaccess file with:

    # Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>

    Thanks,
    Peter.

    Thread Starter metverre

    (@metverre)

    Hi @wfpeter,

    Thank you for your help.

    I deleted Jetpack and followed your instructions to disable the file.

    Sincerely, Marie

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Request for informations about Traffic logging mode’ is closed to new replies.