How to block access to xmlrpc.php file?

#1
Hello
I use this code in httpd.conf to block access to the xmlrpc.php file that kills many WordPress-based websites every day ;-)
Code:
<FilesMatch "^(xmlrpc\.php|wp-trackback\.php)">
Order Deny,Allow
Deny from all
</FilesMatch>
Is it possible to add a rewrite rule to block access to some files like xmlrpc.php?
If you use WordPress and security plugins, please share your working code.
Thanks a lot
 

zEitEr

New Member
#5
Here is another solution if rules need to be added directly into each virtualHost (in case you use templates for auto-generating virtualHost like DirectAdmin does):

Code:
rewrite  {
    enable                  1
    autoLoadHtaccess        1
    RewriteRule ^/(xmlrpc|wp-trackback)\.php - [F,L,NC]
  }
 

remics

New Member
#6
Here is another solution if rules need to be added directly into each virtualHost (in case you use templates for auto-generating virtualHost like DirectAdmin does):

Code:
rewrite  {
    enable                  1
    autoLoadHtaccess        1
    RewriteRule ^/(xmlrpc|wp-trackback)\.php - [F,L,NC]
  }
Interesting! Thanks.
Where do I put this code?
 
#7
Method 1 - Plugin

  1. Log into your WordPress Admin Dashboard.
  2. Click on Plugins >> Add New.
  3. Search for "Disable XML-RPC" and install the Disable XML-RPC plugin.
  4. Simply activate the plugin, and that's it! XML-RPC should be disabled.
  5. You can recheck using the XML-RPC Validator.
To block the xmlrpc.php and prevent or stop any abuse, simply open up your .htaccess file and add the following to the bottom of the file:
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>
If you have a service that you know uses the xmlrpc.php functionality and you have the IPs they are connecting from, you can alter the above code to allow only those IPs to access it, preventing abuse from anyone else, like so:
<Files xmlrpc.php>
order deny,allow
deny from all
allow from xxx.xxx.xxx.xxx
</Files>
Replace the xxx.xxx.xxx.xxx with the IP of the service you wish to have access to your xmlrpc.php file.
You can read more here: https://codex.wordpress.org/XML-RPC_Support
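A way to confirm the rules in this thread are actually taking effect, as an added example that is not part of any post above: it reads access-log lines (combined log format is assumed), counts requests to xmlrpc.php and wp-trackback.php per client IP, and lists clients outside the allow list that still received something other than 403. The function names, the sample log lines and the documentation-range IPs are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed combined log format: ip ident user [time] "METHOD path PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
# Same two files the rules in this thread target; case-insensitive like the [NC] flag.
TARGET_RE = re.compile(r'(?:^|/)(xmlrpc|wp-trackback)\.php$', re.IGNORECASE)

def summarize(lines):
    """Count, per client IP, target requests answered 403 (blocked) vs anything else (served)."""
    stats = defaultdict(lambda: {"blocked": 0, "served": 0})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        path = m.group("path").split("?", 1)[0]  # ignore the query string
        if not TARGET_RE.search(path):
            continue
        key = "blocked" if m.group("status") == "403" else "served"
        stats[m.group("ip")][key] += 1
    return dict(stats)

def leaks(stats, allowed_ips=()):
    """IPs not on the allow list that still got a non-403 answer for a target file."""
    return sorted(ip for ip, s in stats.items()
                  if s["served"] and ip not in allowed_ips)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "-"',
    '203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "POST /XMLRPC.PHP HTTP/1.1" 403 199 "-" "-"',
    '203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "GET /wp-trackback.php HTTP/1.1" 403 199 "-" "-"',
    '198.51.100.23 - - [10/Oct/2023:13:56:01 +0000] "POST /blog/xmlrpc.php?rsd HTTP/1.1" 200 370 "-" "-"',
    '192.0.2.10 - - [10/Oct/2023:13:56:09 +0000] "POST /xmlrpc.php HTTP/1.1" 200 412 "-" "-"',
    '198.51.100.23 - - [10/Oct/2023:13:56:12 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "-"',
]

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    for ip, counts in sorted(stats.items()):
        print(ip, counts)
    # 192.0.2.10 stands in for the one service IP given in "allow from".
    print("still served and not allow-listed:", leaks(stats, {"192.0.2.10"}))
```

Any IP reported by `leaks` after the rule is deployed means some path to the file is not covered by the block, or an allow-list entry is missing.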
 