Solution to xmlrpc.php vulnerability | WordPress.org

WayneSmallman
(@waynesmallman)

10 years, 9 months ago

Hi guys, I’m presently being bled dry of bandwidth by some one / some thing that’s trying to make use of the “xmlrpc.php” file, which — incidentally — no longer exists.

I’ve been in discussion with the host:

“There are two issues here, it appears to be vulnerability scanning looking for xmlrpc.php and the redirects performed by WordPress. The vulnerability has been removed but the WordPress 404 redirect is still loading your website, i.e. using bandwidth.”

Sadly, all I’m able to say is that I may be using 3.2 or above, since I cannot sign in to see which it is, due to the lack of bandwidth.

At this point, I have zero idea how to stop this, so any advice would be much appreciated.

Viewing 2 replies - 1 through 2 (of 2 total)

wpismypuppet
(@wordpressismypuppet)

10 years, 9 months ago

If you have access to your .htaccess file, then this solution might help:

http://perishablepress.com/wordpress-xmlrpc-pingback-vulnerability/

Thread Starter WayneSmallman
(@waynesmallman)

10 years, 9 months ago

Thanks, I’ll give it a try. But I have the feeling this might not work, given that it doesn’t prevent the visit in the first place, which is what’s absorbing all of my bandwidth.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Solution to xmlrpc.php vulnerability’ is closed to new replies.

In: Fixing WordPress
2 replies
2 participants
Last reply from: WayneSmallman
Last activity: 10 years, 9 months ago
Status: not resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics