Hi @nomadarod,
Comment and registration spam through XML-RPC is extremely common, so disabling it (if you’re able to) is always a good place to start. You can also prevent XML-RPC authentication in our Wordfence > Login Security > Settings page. A reCAPTCHA solution may help in this case if you’re using the default WordPress login/registration pages on your site even if you don’t believe any of this traffic has come through those at this stage.
If you’re not using Jetpack or the WordPress app, try disabling access to XML-RPC altogether via your .htaccess file with:
# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>
Many thanks,
Peter.
Thread Starter
rod
(@nomadarod)
Hi Peter,
Thank you for your help.
I am using a different app for the registrations form. Because of the way we want to direct users when they register, I have it set so that the users are logged in automatically when they register, trusting that it will be safe since the registrations are paid.
I don’t have Jetpack on this site. So I checked the prevent XML-RPC authentication box in Wordfence as you suggested. I’m not sure what it means in terms of implications for our users’ access to the forms and pages.
Thank you for being there
Rodrigo
Hi @nomadarod,
Provided no plugins require it (as you’ve checked for with Jetpack etc.) there should be no implications for your users. It should just disallow comment/registration spam through that route.
Many thanks,
Peter.
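To check whether the spam traffic is actually arriving through XML-RPC, and whether the .htaccess rule above is now answering it with 403, the access log can be summarised per client. The following is an added example, not part of the thread and not Wordfence code; it assumes the Apache "combined" log format, and the log lines and addresses in it are constructed sample data.

```python
import re
from collections import Counter

# Apache "combined" format (assumed): client IP, timestamp, request line, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def xmlrpc_summary(lines):
    """Count POSTs to xmlrpc.php per client: answered (2xx) vs. blocked (403)."""
    served, blocked = Counter(), Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Drop the query string; tolerate doubled slashes, subdirectories, case.
        path = m["path"].split("?", 1)[0].lower().rstrip("/")
        if not path.endswith("/xmlrpc.php"):
            continue
        if m["status"] == "403":
            blocked[m["ip"]] += 1      # denied by the <Files xmlrpc.php> rule
        elif m["status"].startswith("2"):
            served[m["ip"]] += 1       # request reached WordPress
    return served, blocked

# Constructed sample lines (documentation address ranges, made-up agent string).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "sample-agent"',
    '203.0.113.7 - - [12/Mar/2024:10:01:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "sample-agent"',
    '198.51.100.20 - - [12/Mar/2024:10:02:10 +0000] "POST //xmlrpc.php?x=1 HTTP/1.1" 200 512 "-" "sample-agent"',
    '192.0.2.15 - - [12/Mar/2024:10:03:00 +0000] "POST /wp-login.php HTTP/1.1" 200 2048 "-" "sample-agent"',
    '192.0.2.15 - - [12/Mar/2024:10:03:05 +0000] "GET /xmlrpc.php HTTP/1.1" 405 42 "-" "sample-agent"',
    '203.0.113.7 - - [12/Mar/2024:11:00:00 +0000] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "sample-agent"',
]

if __name__ == "__main__":
    served, blocked = xmlrpc_summary(SAMPLE_LOG)
    for ip, n in served.most_common():
        print(f"{ip}: {n} answered, {blocked[ip]} blocked")
```

A client that still shows answered requests after the rule is in place means the block is not being applied, for example because the server ignores .htaccess overrides.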