[resolved] Hacked Files? (6 posts)

  1. Robert Eichhorn
    Posted 9 months ago #

    I am checking my website access logs to try to identify IP addresses as hackers. I have found a series of 4 files that are being hit by IPs in France and China. The series of files includes my WP Login page at /wp-login.php. I would like to know if there is a valid reason why the series of files are being hit or if the hits are being made by a hacker.

    Series of 4 Files:
    1. GET /archives/5 HTTP/1.1
    2. GET /wp-login.php?action=register HTTP/1.1
    3. GET /archives/5 HTTP/1.1
    4. POST /xmlrpc.php HTTP/1.1

  2. esmi
    Forum Moderator
    Posted 9 months ago #

    None of the above suggest anything really suspicious.

  3. Robert Eichhorn
    Posted 8 months ago #

    Along with my topic question, does anybody know what the /xmlrpc.php file is for, and why would someone want to Post to it?

  4. Sure, here's some info on XML-RPC: http://codex.wordpress.org/XML-RPC_Support

    Bots sometimes try to post to it, but they won't succeed without your username and password.

  5. Robert Eichhorn
    Posted 8 months ago #

    @MacManX (James Huff). Thanks for the link. Now I realize XML-RPC enables posting to WP by a Weblog Client. Thanks for the info about Bots trying to post - good to know.

  6. You're welcome!


You must log in to post.

About this Topic