Saturday 9 January 2016

XMLRPC Wordpress Attack

How to protect your wordpress website from xmlrpc attack

Queston: What is XMLRPC?
XML-RPC is one of the protocols that use XML for messages between two server. It is used to "Remote Procedure Calls" using XML.


Queston: Question: What is JSON-RPC?
JSON-RPC is one of the protocols that use JSON for messages between two server.
It is used to "Remote Procedure Calls" using JSON.


Queston: What is xmlrpc in wordpress?
WordPress uses an XML-RPC interface.
XML-RPC protocol is used to post entries.


Question: How to protect your website from xmlrpc attack?
Add following code in bottom of .htaccess file in root folder.
<Files 'xmlrpc.php'>
Order Allow,Deny
deny from all
</files>



Question: How to stop abusing XML-RPC file?
Open functions.php file in your add theme and following code.
add_filter( 'xmlrpc_methods', function( $methods ) {
         unset( $methods['pingback.ping'] );
            return $methods;
      } );