xmlrpc.php

  • Resolved dzweb84

    (@dzweb84)


    1 year, 3 months ago

    Hi, today I noticed some failed login xmlrpc.php with user “admin” from a bot, then I have selected Disable XML-RPC authentication in login security. If I try to go to url “yoursite/xmlrpc.php” I had “XML-RPC server accepts POST requests only.” So I put the code in the htaccess <Files xmlrpc.php> order deny,allow deny from all </Files> after wordfence firewall code #END Wordfence WAF and now the url gives 403 forbidden; is this correct? Thanks for support.

    • This topic was modified 1 year, 3 months ago by dzweb84.
    • This topic was modified 1 year, 3 months ago by dzweb84.
Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support wfpeter

    (@wfpeter)

    1 year, 3 months ago

    Hi @dzweb84,

    Yes, if you wish to block any access to XML-RPC, especially useful if you’re not using Jetpack or the WordPress app, the code for .htaccess is:

    # Block WordPress xmlrpc.php requests
    <Files xmlrpc.php>
    order deny,allow
    deny from all
    </Files>

    This should help prevent registration and comment spam and seems to be behaving as intended. Our authentication setting can also be kept on.

    Thanks,
    Peter.

    Thread Starter dzweb84

    (@dzweb84)

    1 year, 3 months ago

    Hi,

    thank you very much for your help.

    • This reply was modified 1 year, 3 months ago by dzweb84.
Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘xmlrpc.php’ is closed to new replies.