XMLRPC.php failed login

  • Resolved samuelmarcinko

    (@samuelmarcinko)


    4 years, 1 month ago

    Hello. I want to ask a question. I’m receiving a WordFence emails and notifications that someone tried to login. Full message is:

    `Dongguan, China attempted a failed login using an invalid username “[login]”. https://test.etilog.com/xmlrpc.php
    9. 10. 2020 8:08:44 (32 minutes ago)
    IP: 149.129.52.21 Hostname: 149.129.52.21
    Human/Bot: Human
    Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0 `

    I’ve got about 100 requests from different IP addresses and countries.
    I blocked XMLRPC.php using .htaccess by adding

    # Deny access to xmlrpc.php file
<files xmlrpc.php>
order allow,deny
deny from all
</files>

    But I’m still receiving notifications about failed attempt. How can I fix that ? Or blocking using .htaccess above is enought ? Thank you for help

    Here you can see attempts in WordFence
    https://prnt.sc/uvxihy

    The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @samuelmarcinko, thank-you for contacting us over this and letting us know that you’ve already made the .htaccess change.

    Access to that page may have been allowed for other reasons. Commonly, the WordPress app if you have 2FA or ReCAPTCHA enabled and the Jetpack plugin amongst other services do require access to XML-RPC. As a result of this, it is a common route to be tried as you can see from the attempts screenshot you included. Do you think any of those are the case with your site?

    If you haven’t already, from Wordfence > Login Security > Settings you can tick the box for Disable XML-RPC authentication and let me know if the login attempts cease.

    Thanks,

    Peter.

    Thread Starter samuelmarcinko

    (@samuelmarcinko)

    I tried to install Disable XML-RPC plugin and it look that attempts for login are fixed. I didn’t see any new attempts for login

    Plugin Support wfpeter

    (@wfpeter)

    Hi @samuelmarcinko, that’s great news!

    If you ever have any other queries about Wordfence in the future, please open a new topic and we’ll be glad to help you.

    Peter.

    You can set the security to xmp-rpc in file manager to 0000
    i think that should work

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘XMLRPC.php failed login’ is closed to new replies.