Feature request – block xmlrpc attacks | WordPress.org

Resolved maghe
(@maghe)

9 years, 9 months ago

Attackers are abusing the XML-PRC “pingback” feature of WordPress blog sites to launch DDoS attacks on other sites: http://blog.spiderlabs.com/2014/03/wordpress-xml-rpc-pingback-vulnerability-analysis.html

How about logging xmlrcp.php requests, so we can set up a fail2ban jail if needed? Even if pingback/trackback are disabled, those attacks are causing server overloads.

https://wordpress.org/plugins/wp-fail2ban/

Viewing 1 replies (of 1 total)

Plugin Author invisnet
(@invisnet)

9 years, 8 months ago

Good idea – this will be in version 2.2.0.

Viewing 1 replies (of 1 total)

The topic ‘Feature request – block xmlrpc attacks’ is closed to new replies.

In: Plugins
1 reply
2 participants
Last reply from: invisnet
Last activity: 9 years, 8 months ago
Status: resolved