Title: XMLRPC Authentication Brute Force Attacks
Last modified: August 28, 2023

---

# XMLRPC Authentication Brute Force Attacks

 *  Resolved [way245](https://wordpress.org/support/users/way245/)
 * (@way245)
 * [2 years, 8 months ago](https://wordpress.org/support/topic/xmlrpc-authentication-brute-force-attacks/)
 * How do I prevent this from happening?

Viewing 2 replies - 1 through 2 (of 2 total)

 *  Plugin Support [chandelierrr](https://wordpress.org/support/users/shanedelierrr/)
 * (@shanedelierrr)
 * [2 years, 8 months ago](https://wordpress.org/support/topic/xmlrpc-authentication-brute-force-attacks/#post-17052695)
 * Hi [@way245](https://wordpress.org/support/users/way245/), apologies for the 
   delayed response! To prevent brute force attacks on your site’s xmlrpc.php file,
   I’d recommend restricting access to it via **Security > Settings > Advanced >
   [WordPress Tweaks](https://ithemes.com/blog/ithemes-security-pro-feature-spotlight-wordpress-tweaks/)**,
   and in the API Access section, choose “Disable XML-RPC”. Hope this helps, and
   please let me know if the attacks lessened or not.
 *  Plugin Support [chandelierrr](https://wordpress.org/support/users/shanedelierrr/)
 * (@shanedelierrr)
 * [2 years, 7 months ago](https://wordpress.org/support/topic/xmlrpc-authentication-brute-force-attacks/#post-17093141)
 * Hi there,
 * I hope the information I provided helped resolve the issue. Tracking notifications
   on this forum can become tricky over time, and since we haven’t received a response,
   I’ll mark this post resolved. 
   If you still require further assistance, feel 
   free to open a new support topic, and we’d be happy to assist. Thank you.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘XMLRPC Authentication Brute Force Attacks’ is closed to new replies.

 * ![](https://ps.w.org/better-wp-security/assets/icon.svg?rev=3529351)
 * [Kadence Security – Password, Two Factor Authentication, and Brute Force Protection](https://wordpress.org/plugins/better-wp-security/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/better-wp-security/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/better-wp-security/)
 * [Active Topics](https://wordpress.org/support/plugin/better-wp-security/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/better-wp-security/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/better-wp-security/reviews/)

 * 2 replies
 * 2 participants
 * Last reply from: [chandelierrr](https://wordpress.org/support/users/shanedelierrr/)
 * Last activity: [2 years, 7 months ago](https://wordpress.org/support/topic/xmlrpc-authentication-brute-force-attacks/#post-17093141)
 * Status: resolved