• Resolved elliekennard

    (@elliekennard)


    Hi

    I have had a lot of trouble in the past (realized it when I installed this plugin, thank you!) with users trying to log in to the blog (using ‘admin’ for example, which doesn’t exist as a username).

    In order to stop this and to prevent an email every time this happens, I renamed the login file to wp-login-block.php. This stopped anyone being able to log in (I had to rename it back using ftp before I log in myself).

    Lately, however, even with the renamed file (and no wp-login.php file there, I have checked) I am getting notices that people are trying to log in. How can they do this, do you know? Even giving that link (block) the login page does not work.

    Or is this a false warning by Wordfence? That’s why I am posting it here, as I suspect it is a false one.

    https://wordpress.org/plugins/wordfence/

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author WFMattR

    (@wfmattr)

    There is a second method of logging into WordPress, which is used by the WordPress app, desktop blogging software, and also for features like trackbacks and pingbacks.

    Since you’re getting the message, Wordfence does block the login attempts, so if you just want to receive fewer emails, you can turn off the option “Alert when someone is locked out from login” on the Wordfence Options page, or enter a number in the “Maximum email alerts to send per hour” box below that.

    You can stop XML-RPC from being used altogether, if you want. Usually the easiest way to disable it is with a plugin, such as “Disable XML-RPC”, which is available for free in the WordPress plugin installer — but if you did need any of the features mentioned in the first paragraph above, they would stop working.

    Let us know if this helps, or if you have any other questions!

    -Matt R

    Thread Starter elliekennard

    (@elliekennard)

    Thanks for the information, that is reassuring, Matt.

    I was just not sure if it was a false positive in some way, or if it meant a serious attempt to log in. I don’t use the app nor desktop blogging software as far as I know, so I could disable them. Trackbacks and pingbacks I have never really understood, so they could go too.

    @elliekennard
    You know….I could be wrong here, but I think that when many users of WF are using the term “BLOCKING”, that they may be thinking that once an IP is BLOCKED by WF from an attempt to login for a period of time or permanently, that the “bot attack ends”. Not always the case, even when the target file name no longer exists.

    The attacking IP/BOT often will continue knocking on the door even if blocked from login attacks or if the file location does not exist. It depends on how the bot was coded. As I mentioned in another recent WF post, I received a whopping 15k hits to a login file that didn’t exist on my server. Dumb ass bot really. Yet some of them quit after only a few tries.
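
Added example, not part of the thread and not Wordfence code: a small Python triage of a web server access log that separates POSTs to the XML-RPC endpoint from requests to a login file that no longer exists, the two cases described in the replies above. It assumes the "combined" access-log format and that XML-RPC is served from WordPress's standard `xmlrpc.php`; the log lines and bucket names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in "combined" access-log format (not from the thread).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2015:10:01:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2015:10:01:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2015:10:01:04 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2015:10:02:10 +0000] "POST /wp-login.php HTTP/1.1" 404 512 "-" "-"
198.51.100.23 - - [12/Mar/2015:10:02:11 +0000] "GET /wp-login.php HTTP/1.1" 404 512 "-" "-"
192.0.2.10 - - [12/Mar/2015:10:03:00 +0000] "GET / HTTP/1.1" 200 8120 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def classify(method, path, status):
    """Return a bucket name for login-related requests, or None for everything else."""
    path = path.split("?", 1)[0].lower()
    if method == "POST" and path.endswith("/xmlrpc.php"):
        # Counts requests, not logins: pingbacks and blogging apps POST here too.
        return "xmlrpc_post"
    if path.endswith("/wp-login.php"):
        # 404 means the file is gone (renamed) and the client is still knocking.
        return "login_file_missing" if status == 404 else "login_file_present"
    return None

def summarize(log_text):
    """Map bucket -> Counter of client IP -> request count; unparsable lines are skipped."""
    buckets = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        kind = classify(m["method"], m["path"], int(m["status"]))
        if kind:
            buckets.setdefault(kind, Counter())[m["ip"]] += 1
    return buckets

if __name__ == "__main__":
    for kind, ips in summarize(SAMPLE_LOG).items():
        for ip, n in ips.most_common():
            print(f"{kind:20} {ip:15} {n}")
```
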

    Thread Starter elliekennard

    (@elliekennard)

    Thanks, yes, I guess it could be misleading. I know little about it. The login page has been renamed at least 6 months ago, when I was getting hundreds of login attempts, one after the other.

    I installed and enabled the plugin Disable XML-RPC so will see what difference this makes.

    Thread Starter elliekennard

    (@elliekennard)

    I have read the further information on what happens when disable XML-RPC is activated and will now de-activate the plugin. I’m glad for the further information supplied.

  • The topic ‘User blocked from signing in – but my login page is disabled’ is closed to new replies.