How to prevent brute force attacks on WordPress through XML-RPC?

kumkumsharma

As you know, XML-RPC is a way to communicate between WordPress and other systems like Windows Live Writer. In earlier versions XML-RPC was disabled, but after version 3.4 it's enabled by default so that the WordPress mobile app can talk to the site.

There are two reasons to disable it:
  • Unused feature: this feature is rarely used, so we have to disable it for security.
  • Brute force attack: the chance of a brute force attack through the XML-RPC file is low because of the many changes made to it, but an attack on it is still possible.
So if you are not using this feature of WordPress, you can disable it permanently. It's very simple: you just have to add the code below to your .htaccess file to disable XML-RPC:

Code:
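# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
# Deny rules are evaluated first, then Allow rules override them
order deny,allow
deny from all
# Only this address can still reach xmlrpc.php
allow from 125.125.125.0
</Files>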
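
To check that the rule above is doing its job, the access log can be scanned for xmlrpc.php requests. This is an added example, not part of the original post: it assumes Apache's common/combined log format, and the sample lines, the threshold and the summarize function are constructed for illustration.

```python
import re
from collections import Counter

# Apache common/combined log line: ip ident user [time] "METHOD path proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
ALLOWED_IP = "125.125.125.0"  # address allowed by the .htaccess rule on this page
THRESHOLD = 3                 # assumed: POST count that is treated as a burst

# Constructed sample lines (not real traffic), using documentation IP ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "-"
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "-"
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "-"
203.0.113.7 - - [10/Mar/2024:10:00:03 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "-"
198.51.100.9 - - [10/Mar/2024:10:05:00 +0000] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "-"
125.125.125.0 - - [10/Mar/2024:10:06:00 +0000] "POST /xmlrpc.php HTTP/1.1" 200 380 "-" "-"
this line is not a log entry
"""

def summarize(log_text, allowed_ip=ALLOWED_IP, threshold=THRESHOLD):
    """Return (bursts, leaks) for xmlrpc.php requests in an access log.

    bursts: {ip: POST count} for non-allowed clients at or above the threshold.
    leaks:  [(ip, status)] for non-allowed clients that did not get a 403,
            meaning the <Files> block was not applied to that request.
    """
    posts, leaks = Counter(), []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines
        path = m.group("path").split("?", 1)[0].lower()
        if not path.endswith("/xmlrpc.php"):
            continue
        ip, status = m.group("ip"), int(m.group("status"))
        if ip == allowed_ip:
            continue  # trusted client, expected to succeed
        if m.group("method") == "POST":
            posts[ip] += 1
        if status != 403:
            leaks.append((ip, status))
    bursts = {ip: n for ip, n in posts.items() if n >= threshold}
    return bursts, leaks

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Once the .htaccess block is active, the second value should stay empty for new log entries: every client other than the allowed address should be answered with 403.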