Jetpack

How to: Protect WordPress from brute-force XML-RPC attacks

Jan Reilink
WordPress
2 June 201724 September 2020

The WordPress XML-RPC API has been under attack for many years now. Back in August 2014, WordPress released version 3.9.2, fixing a possible denial of service issue in PHP’s XML processing. There are brute-force amplification attacks, reported by Sucuri, and so on. So, how do you protect WordPress from xmlrpc.php attacks, but still being able to use (some of) its functionality like Jetpack? This post gives you some insight.

Jan Reilink
WordPress
19 May 201716 June 2020

Recently the WordPress Jetpack email sharing service is often abused by spammers. They use the Send to Email Address for sending spam. All these kind of “Tell a Friend” scripts are abused a lot. Here is how to disable email share service in Jetpack.

Jan Reilink
WordPress
7 July 201429 January 2020

WordPress xmlprc.php DDoS and brute-force attacks. How to identify, block, mitigate and leverage these xmlrpc.php scans, brute-force, and user enumeration attacks on WordPress sites… Secure WordPress xmlprc.php interface and reduce service disruption.

Jetpack

How to: Protect WordPress from brute-force XML-RPC attacks

Remove Jetpack email sharing service

Huge increase in WordPress xmlrpc.php POST requests