Hi Christos, can you check to see if you have the following enabled Enable Pingback Protection: under Firewall -> Basic Firewall Rules?
Thread Starter
ZooL
(@zool)
Hi, thank you for your prompt answer. Yes, Pingback Protection is enabled.
Perhaps I should add at this point that my website is hosted on a Windows environment (IIS 7.5 & Plesk 11); I don’t know if this makes any difference.
Using a browser type the URL path to the root wordpress location of your site and add “xmlrpc.php” at the end, eg,
yoursite.com/xmlrpc.php
What do you see when you do the above?
Hi @zool, you should be getting the following
403 Permission Denied
You do not have permission for this request /xmlrpc.php.
Can you check your .htaccess file and let us know if you see the following rule.
#AIOWPS_PINGBACK_HTACCESS_RULES_START
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>
#AIOWPS_PINGBACK_HTACCESS_RULES_END
Regards
Thread Starter
ZooL
(@zool)
Hi,
As I mentioned earlier, my site is hosted on IIS (Windows). So, unfortunately, there’s no .htaccess file π
There is however a web.config file that’s been used in the Windows platform, which substitutes part of the .htaccess functionality. (Some info can be found here: http://www.saotn.org/convert-apache-htaccess-iis-web-config/)
Could you possibly offer some assistance with that?
Thank you!
Some googling revealed the following code you could possibly try:
<security>
<requestFiltering>
<denyUrlSequences>
<add sequence="xmlrpc.php" />
</denyUrlSequences>
</requestFiltering>
</security>
The above should be the IIS equivalent to the apache .htaccess rules for denying access to xmlrpc.php.
Thread Starter
ZooL
(@zool)
Thank you, it seems to be working:
The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.
So, does this resolve the issue? Should I change the login url to something new?
@zool, that is good news π Yes that does resolve your issue.
You can change the Login URL if you want. Keep an eye out and see if your attacks have been reduced or stopped.
You can close this support thread if you like. If you have any other issues in the future open up a new support thread.
Kind regards
Thread Starter
ZooL
(@zool)
That did it, thank you!
Attacks have now stopped, issue is resolved!
Best regards,
Christos