ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Block XMLRPC Calls on WordPress from the Host Level

    IT Discussion
    wordpress xmlrpc apache nginx litespeed openlitespeed htaccess
    1
    1
    392
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • scottalanmillerS
      scottalanmiller
      last edited by

      If you see a lot of web traffic or performance issues with your website, a common attack vector is to utilize the XML-RPC functions. This can be used by some external applications, but is often not used and many people will want to have it disabled. You can manage it via a plugin, which makes it easy for the application admin to handle, but if you simply want to disable it at the host level (accessible to a system administrator instead), then you can simply add this code block to the top of your .htaccess files...

      # Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
allow from xxx.xxx.xxx.xxx
</Files>

      Works on Apache, Nginx, OpenLiteSpeed, LiteSpeed, etc.

      1 Reply Last reply Reply Quote 0
      • 1 / 1
      • First post
        Last post