jvalks

My provider is using only Windows servers, and uses Helicon APE. Can this be the reason it does not work??

• This reply was modified 7 years, 6 months ago by jvalks.

Ok, created a new site. Installed WordPress and AIOWPS plugin. Enabled the basic firewall en checked Completely Block Access To XMLRPC. The .htaccess file is modified:

# BEGIN All In One WP Security
#AIOWPS_BASIC_HTACCESS_RULES_START
<Files .htaccess>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>
ServerSignature Off
LimitRequestBody 10240000
<Files wp-config.php>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>
#AIOWPS_BASIC_HTACCESS_RULES_END
#AIOWPS_PINGBACK_HTACCESS_RULES_START
<Files xmlrpc.php>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>
#AIOWPS_PINGBACK_HTACCESS_RULES_END
# END All In One WP Security

But still the same output using the /xmlrpc.php : XML-RPC server accepts POST requests only.

Hi,

I disabled all the plugings, still the same result. I do not use some kind of CDN…

What I’m going to do is create a new test-site, with a clean WordPress install and see what’s happening..

Ok, I did the following:

Removed all caching and disabled WP Super Cache (just to be sure).
Installed the AIOWPS reset plugin and activated it.
Reset all the AIOWPS settings using that plugin.
Configures all the settings again.

Unfortunately : XML-RPC server accepts POST requests only.

The .htaccess files looks like this:

# BEGIN All In One WP Security
#AIOWPS_BASIC_HTACCESS_RULES_START
<Files .htaccess>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>
ServerSignature Off
LimitRequestBody 10240000
<Files wp-config.php>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>
#AIOWPS_BASIC_HTACCESS_RULES_END
#AIOWPS_PINGBACK_HTACCESS_RULES_START
<Files xmlrpc.php>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>
#AIOWPS_PINGBACK_HTACCESS_RULES_END
# END All In One WP Security

Any more suggestions? AIOWPS is the only security plugin on this site…

I have checked the server log files, and what I see is:

GET /wp-includes/wlwmanifest.xml – 80 – 46.118.156.191 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:50.0)+Gecko/20100101+Firefox/50.0 – 200 0 0 1291 227 15
GET / author=1 80 – 46.118.156.191 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:50.0)+Gecko/20100101+Firefox/50.0 – 301 0 0 452 209 937
GET / author=1 80 – 46.118.156.191 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:50.0)+Gecko/20100101+Firefox/50.0 – 301 0 0 452 209 937
POST /xmlrpc.php – 80 – 46.118.156.191 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:50.0)+Gecko/20100101+Firefox/50.0 – 200 0 0 67837 98453 1062
POST /xmlrpc.php – 80 – 46.118.156.191 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:50.0)+Gecko/20100101+Firefox/50.0 – 200 0 0 67837 98172 2482
POST /xmlrpc.php – 80 – 46.118.156.191 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:50.0)+Gecko/20100101+Firefox/50.0 – 200 0 0 732 98145 1157
POST /xmlrpc.php – 80 – 46.118.156.191 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:50.0)+Gecko/20100101+Firefox/50.0 – 200 0 0 732 98174 1079
POST /xmlrpc.php – 80 – 46.118.156.191 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:50.0)+Gecko/20100101+Firefox/50.0 – 200 0 0 732 97942 1218
POST /xmlrpc.php – 80 – 46.118.156.191 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:50.0)+Gecko/20100101+Firefox/50.0 – 200 0 0 732 98110 1047
POST /xmlrpc.php – 80 – 46.118.156.191 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:50.0)+Gecko/20100101+Firefox/50.0 – 200 0 0 732 98317 944
POST /xmlrpc.php – 80 – 46.118.156.191 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:50.0)+Gecko/20100101+Firefox/50.0 – 200 0 0 732 98151 1153
POST /xmlrpc.php – 80 – 46.118.156.191 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:50.0)+Gecko/20100101+Firefox/50.0 – 200 0 0 732 98285 1132

Again it’s showing that xmlrpc is not blocked ??

It’s not the same problem. This morning I got another mail from a different site that a login attempt was been made with the (renamed) admin account. This site is also running AIO WP Security and Firewall. I find it strange that the renamed admin account is used to try to login.

What those two sites have in common is that the fact they are being monitored and managed using ManageWP. Maybe that’s the weak point??

Thanks for this contribution.

Hi,

Tried the steps above… no luck! The results are the same.. I also tried it on a different (test) site..

I continue with Word Fence, since I installed it the attacked are successfully blocked after a few hours.

Good luck with fixing this.

Ok, tried it… the result is the same..

Ok, than it means that AIO WP Security is not working…

I get the following output:

XML-RPC server accepts POST requests only.

Hi,
Thanks for the reply. Yes, I have Completely blocked access to XMLRPC enabled and I have renamed the login page.. still I get failed login attempts every day..

I also tried to remove the IP from the blacklist, en added it again. It’s just NOT working..

Hi,

Yes! It works!! Thank you very much!!

Thanks for fixing this so fast ??

Cheers!!

Fantastic! Glad to try it out when it’s released ??

I tried the css code. The effect is not what I expected. The text area is now overlapping the area (with a border)… Even when I increase the value to like 600 it’s not getting bigger than the 300 value.

This plugin is bugged.. And like John mentioned, it does not save the row numbers as well…

Please fix this.