Title: XML RCP, CDN, ATTACKS!! Last modified: April 11, 2019 --- # XML RCP, CDN, ATTACKS!! * Resolved [akiraanastasia](https://wordpress.org/support/users/akiraanastasia/) * (@akiraanastasia) * [7 years, 1 month ago](https://wordpress.org/support/topic/xml-rcp-cdn-attacks/) * So whole world is changing and adopting the new WP API for their plugins. But Jetpack is using old xml-rcp which can give access to any site for all hackers. Why you can not change this!!!? I am getting 100s of request of xml-rcp wrong username logins. Thankfully wordfence is blocking it. BUT what if hacker found my username???? It will give access to my whole site. * Any way to block xml-rcp while using Jetpack? What is Jetpack CDN IPs so we can whitelist it and block xmlrcp reuests. It will work? Viewing 5 replies - 1 through 5 (of 5 total) * Plugin Support [KokkieH](https://wordpress.org/support/users/kokkieh/) * (@kokkieh) * [7 years, 1 month ago](https://wordpress.org/support/topic/xml-rcp-cdn-attacks/#post-11416808) * Hi there, * You should be able to protect your XML-RPC file without needing to whitelist specific IPs. Please contact support at your hosting provider to discuss what options they have available. * But if you need to whitelist specific IPs, whitelist all the IP ranges listed here: * [https://jetpack.com/support/hosting-faq/#find-help](https://jetpack.com/support/hosting-faq/#find-help) * Thread Starter [akiraanastasia](https://wordpress.org/support/users/akiraanastasia/) * (@akiraanastasia) * [7 years, 1 month ago](https://wordpress.org/support/topic/xml-rcp-cdn-attacks/#post-11420088) * And why you need old XMLRPC style for plugins when there is Wp API is avaialble? * Plugin Support [KokkieH](https://wordpress.org/support/users/kokkieh/) * (@kokkieh) * [7 years, 1 month ago](https://wordpress.org/support/topic/xml-rcp-cdn-attacks/#post-11420772) * The WordPress API does not yet have support for all the endpoints Jetpack needs to work. We are also still investigating the best way to authenticate Jetpack with the REST API. * This is something we’re keeping an eye on, but I cannot give you any timeline for when we might make the switch. * Thread Starter [akiraanastasia](https://wordpress.org/support/users/akiraanastasia/) * (@akiraanastasia) * [7 years, 1 month ago](https://wordpress.org/support/topic/xml-rcp-cdn-attacks/#post-11422386) * ok. Does Protect Module in Jetpack works against xmlrcp attacks? * Can you tell simple way to solve the problem? * Plugin Contributor [James Huff](https://wordpress.org/support/users/macmanx/) * (@macmanx) * [7 years, 1 month ago](https://wordpress.org/support/topic/xml-rcp-cdn-attacks/#post-11423289) * Yes, Protect guards against brute force attacks on both wp-login.php and xmlrpc. php. * The only way to solve the problem at this time to allow Jetpack to connect via xmlrpc.php. As mentioned earlier, you can also do this by simply whitelisting our IPs: [https://jetpack.com/support/hosting-faq/#find-help](https://jetpack.com/support/hosting-faq/#find-help) * Once Jetpack is connected, it will protect your xmlrpc.php file if the Protect module is enabled: [https://jetpack.com/support/security-features/#protect](https://jetpack.com/support/security-features/#protect) Viewing 5 replies - 1 through 5 (of 5 total) The topic ‘XML RCP, CDN, ATTACKS!!’ is closed to new replies. * ![](https://ps.w.org/jetpack/assets/icon.svg?rev=2819237) * [Jetpack - WP Security, Backup, Speed, & Growth](https://wordpress.org/plugins/jetpack/) * [Frequently Asked Questions](https://wordpress.org/plugins/jetpack/#faq) * [Support Threads](https://wordpress.org/support/plugin/jetpack/) * [Active Topics](https://wordpress.org/support/plugin/jetpack/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/jetpack/unresolved/) * [Reviews](https://wordpress.org/support/plugin/jetpack/reviews/) ## Tags * [hacking](https://wordpress.org/support/topic-tag/hacking/) * 5 replies * 3 participants * Last reply from: [James Huff](https://wordpress.org/support/users/macmanx/) * Last activity: [7 years, 1 month ago](https://wordpress.org/support/topic/xml-rcp-cdn-attacks/#post-11423289) * Status: resolved