
How to Block XMLRPC ATTACKS in WordPress

xmlrpc.php attacks in WordPress are basically brute force password attacks. The attacker POSTs XML-RPC login calls (wp.getUsersBlogs is the usual one) to xmlrpc.php with a known username and one password guess after another, and the response tells them whether the guess was right. Finding the username is trivial, so the password is the only secret they have to guess. Because xmlrpc.php also supports system.multicall, a single request can carry hundreds of guesses at once, so one POST per second in the log can be far more than one guess per second. The attackers seem to use xmlrpc.php for nothing but guessing passwords, but that is plenty.

In addition to the guessing itself, every one of these POSTs loads WordPress and runs a password hash check for each guess, so a steady stream of them takes considerable CPU; on a small VPS this can act like a denial of service attack.

Are You a Victim of an xmlrpc Brute Force Attack?

Grep your web server access log for requests to xmlrpc.php. A run like the one below, one POST per second from a single IP with no referrer and an empty User-Agent, is the signature:

# grep xmlrpc /var/www/logs/access.log | head
46.105.8.191 - - [21/Feb/2016:14:52:29 -0600] "POST /xmlrpc.php HTTP/1.0" 200 55161 "-" "-"
46.105.8.191 - - [21/Feb/2016:14:52:30 -0600] "POST /xmlrpc.php HTTP/1.0" 200 55161 "-" "-"
46.105.8.191 - - [21/Feb/2016:14:52:31 -0600] "POST /xmlrpc.php HTTP/1.0" 200 55161 "-" "-"
46.105.8.191 - - [21/Feb/2016:14:52:32 -0600] "POST /xmlrpc.php HTTP/1.0" 200 55161 "-" "-"
46.105.8.191 - - [21/Feb/2016:14:52:33 -0600] "POST /xmlrpc.php HTTP/1.0" 200 55161 "-" "-"
46.105.8.191 - - [21/Feb/2016:14:52:34 -0600] "POST /xmlrpc.php HTTP/1.0" 200 55161 "-" "-"
46.105.8.191 - - [21/Feb/2016:14:52:35 -0600] "POST /xmlrpc.php HTTP/1.0" 200 55161 "-" "-"
46.105.8.191 - - [21/Feb/2016:14:52:36 -0600] "POST /xmlrpc.php HTTP/1.0" 200 55161 "-" "-"
46.105.8.191 - - [21/Feb/2016:14:52:37 -0600] "POST /xmlrpc.php HTTP/1.0" 200 55161 "-" "-"
46.105.8.191 - - [21/Feb/2016:14:52:38 -0600] "POST /xmlrpc.php HTTP/1.0" 200 55161 "-" "-"
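The grep above shows the pattern; to act on it you want the numbers per client. The following is an added example, not code from the original page: a small POSIX shell script that counts POSTs to xmlrpc.php per client IP, lists the IPs over a guess threshold, and counts the POSTs that arrived with no User-Agent at all (the attacker in the log above sent "-"). The log lines inside it are constructed sample data using RFC 5737 documentation addresses, and the default threshold of 20 is an assumption; pipe your real log through the functions instead.

```shell
#!/bin/sh
# Added example (not from the original page): find xmlrpc.php brute-force sources in an
# Apache combined-format access log.  SAMPLE_LOG is CONSTRUCTED data with RFC 5737
# documentation addresses.  Real usage:
#   grep xmlrpc /var/www/logs/access.log | sh xmlrpc-check.sh

SAMPLE_LOG='198.51.100.7 - - [21/Feb/2016:14:52:29 -0600] "POST /xmlrpc.php HTTP/1.0" 200 55161 "-" "-"
198.51.100.7 - - [21/Feb/2016:14:52:30 -0600] "POST /xmlrpc.php HTTP/1.0" 200 55161 "-" "-"
198.51.100.7 - - [21/Feb/2016:14:52:31 -0600] "POST /xmlrpc.php?p=1 HTTP/1.0" 200 55161 "-" "-"
203.0.113.20 - - [21/Feb/2016:14:53:02 -0600] "POST /xmlrpc.php HTTP/1.1" 200 421 "-" "Mozilla/5.0 (compatible)"
192.0.2.33 - - [21/Feb/2016:14:53:05 -0600] "GET /xmlrpc.php HTTP/1.1" 405 42 "-" "curl/7.47.0"
192.0.2.33 - - [21/Feb/2016:14:53:09 -0600] "POST /wp-login.php HTTP/1.1" 200 3912 "-" "curl/7.47.0"'

# Print "count ip" for every client that POSTed to /xmlrpc.php (a query string is
# allowed, so "/xmlrpc.php?x" is not missed), busiest client first.
# Combined-format fields: $1 client IP, $6 method with its leading quote, $7 request
# path, $NF last token of the User-Agent string.
xmlrpc_posts_per_ip() {
    awk '$6 == "\"POST" && ($7 == "/xmlrpc.php" || index($7, "/xmlrpc.php?") == 1) { n[$1]++ }
         END { for (ip in n) print n[ip], ip }' | sort -rn
}

# Print the client IPs with at least THRESHOLD (default 20, an assumed value) POSTs to
# xmlrpc.php.  A legitimate client such as a mobile app makes a handful of calls a day;
# one request per second from one address is a password-guessing run.
xmlrpc_suspects() {
    threshold="${1:-20}"
    xmlrpc_posts_per_ip | awk -v t="$threshold" '$1 + 0 >= t + 0 { print $2 }'
}

# Count xmlrpc.php POSTs whose User-Agent is empty ("-" as the last field).  Real
# XML-RPC clients identify themselves; the brute-force tools in the log above did not.
xmlrpc_posts_without_ua() {
    awk '$6 == "\"POST" && ($7 == "/xmlrpc.php" || index($7, "/xmlrpc.php?") == 1) && $NF == "\"-\"" { n++ }
         END { print n + 0 }'
}

# Demo on the constructed sample: per-IP table, then the suspects at a threshold of 3.
printf '%s\n' "$SAMPLE_LOG" | xmlrpc_posts_per_ip
printf '%s\n' "$SAMPLE_LOG" | xmlrpc_suspects 3
```

On the sample, 198.51.100.7 is the only address over the threshold; 203.0.113.20 made one POST with a real User-Agent and is left alone, and the GET to xmlrpc.php and the wp-login.php POST are not counted at all. Feed the output of xmlrpc_suspects to your firewall or fail2ban if you would rather block the sources than the endpoint.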

How to Block xmlrpc Attacks in Apache

This code blocks all access to xmlrpc.php. That stops the password guessing cold, but it also breaks anything that legitimately talks to WordPress over XML-RPC, such as the WordPress mobile apps, Jetpack, and pingbacks from other blogs. Note that Order/Deny/Allow is the Apache 2.2 access-control syntax; on Apache 2.4 it only works while mod_access_compat is loaded (usually enabled by default on Debian and Ubuntu), otherwise use the 2.4 Require directives instead. Reload Apache after saving the change.


vim /etc/apache2/apache2.conf
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>

How to Block xmlrpc Attacks in Apache but Allow Certain IPs

If certain IPs still need to reach xmlrpc.php (for example the address your mobile app or remote publishing tool connects from), deny everyone and then allow just those addresses. With Order deny,allow the Allow line is evaluated last and wins for the listed hosts. Replace the two example addresses below with your own:


vim /etc/apache2/apache2.conf
<Files xmlrpc.php>
order deny,allow
deny from all
# replace these two RFC 5737 documentation addresses with your own
allow from 192.0.2.10 203.0.113.20
</Files>


Hardening WordPress

To further harden WordPress, review the official Hardening WordPress document.
