XML-RPC

You are here: Sysadmins of the North » XML-RPC

Protect WordPress from brute-force XML-RPC attacks

Web application security / By Jan Reilink / 02/06/2017 25/11/2022

The WordPress XML-RPC API has been under attack for many years. Back in August 2014, WordPress released version 3.9.2, fixing a possible denial of service issue in PHP’s XML processing. There are brute-force amplification attacks, reported by Sucuri, and so on. So, how do you protect WordPress from these xmlrpc.php attacks, optionally still being able to use (some of) its functionality like Jetpack? This post gives you some insights.

Huge increase in WordPress xmlrpc.php POST requests

WordPress / By Jan Reilink / 07/07/2014 28/09/2022

WordPress xmlprc.php DDoS and brute-force attacks. How to identify, block, mitigate and leverage these xmlrpc.php scans, brute-force, and user enumeration attacks on WordPress sites… Secure WordPress xmlprc.php interface and reduce service disruption.