Live Chat Software by NetForChoice
Knowledgebase
To Protect WordPress from XML-RPC Attacks
Posted by Netforchoice admin on 01 June 2016 03:20 PM

What is XML-RPC?

XML-RPC is a simple, portable way to make remote procedure calls over HTTP. It can be used with Perl, Java, Python, C, C++, PHP and many other programming languages. WordPress, Drupal and most content management systems support XML-RPC.

How WordPress Using XML-RPC?

WordPress utilizes XML-RPC to remotely execute functions. The popular plugin JetPack and the WordPress mobile application are two great examples of how WordPress uses XML-RPC. This same functionality also can be exploited to send thousands of requests to WordPress in a short amount of time. This scenario is effectively a brute force attack.

Validate an XML-RPC Attack

Finding many entries similar to"POST /xmlrpc.php HTTP/1.0”in your web server logs

The location of your web server log files depends on what Linux distribution you are running and what web server you are running.

grep -c "xmlrpc.php" the path to your accesslog

 

How to Disable WordPress XML-RPC Using Plugin

All you have to do is paste the following code in a site-specific plugin:

add_filter(‘xmlrpc_enabled’, ‘__return_false’);

Alternatively, you can just install the plugin called Disable XML-RPC. All you have to do is activate it. It does the exact same thing as the code above.

   

How to Disable WordPress XML-RPC with .htaccess

While the above solution is sufficient for many, it can still be resource intensive for sites that are getting attacked.

In those cases, you may want to disable all xmlrpc.php requests from the .htaccess file before the request is even passed onto WordPress.

Simply paste the following code in your .htaccess file:

# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
allow from xx.xx.xxx.xxx
</Files>
# END protect xmlrpc.php

To Verify Attack diminution

After preventing attacks using above mentioned methods, you should verify that it is working.

Parse your access logs will still show attempts, but the resulting error code be something other than 200 like 403,500,404. For example entries in the Apacheaccess.logfile may look like:

[01/May/2016:11:19:21 +0530] “POST /xmlrpc.php HTTP/1.1” 403 291 “-“

Conclusion

By taking steps to mitigate malicious XML-RPC traffic, not only will it make your wordpress blog more secure but it will, once again, offload your server from often CPU load and server crash overall consume less system resources.Gulping system resources by this kind of attacks is the most common reason why a server would go unreachable from network.

(0 vote(s))
Helpful
Not helpful

Comments (0)
Post a new comment
 
 
Full Name:
Email:
Comments:
Help Desk Support from NetForChoice