How to block XML-RPC attack?

Check the ‘order’ order. I do it this way:

# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
# allow from xx.xx.xx.xx   #add allowed IP addresses
</Files>

And, to ensure it’s blocked, I add this to the functions.php file.

add_filter('xmlrpc_enabled', '__return_false');

Actually, I put the above command and others into a private plugin, so I don’t have to worry about Child Themes, or theme changes.

(Side note: I had a WP site compromised via an xmlrpc attack.)

Related Posts:

  1. Plugin or advice on how to parse XML in real-time?
  2. X-Pingback and XMLRPC
  3. WordPress import does not fetch images, but just links them
  4. How can I process xml file on upload?
  5. How to activate plugins for my WordPress sites from a remote server
  6. How to stop xmlrpc attacks without disabling component to allow JetPack to work in WordPress?
  7. Widget with same content across several websites
  8. The problem with WordPress Importer
  9. Call specific plugin update
  10. Retrieve Plugin Settings and insert into XML string
  11. how to convert XML from URL to HTML
  12. Using Microsift Word/Outlook for content publishing to WordPress
  13. How to create a plugin page that shows XML?
  14. Can I disable xml-rpc by setting it to false?
  15. WP Import All Multiple Dynamic Link Imports
  16. Avoid duplicate posts with xml rpc
  17. SimpleXML is not working with xml response from external api
  18. WordPress sitemap “Extra content at the end of the document”
  19. Modifying WordPress XML-RPC Built-Ins
  20. Xml output not places where i want
  21. How to import data from another website using an API link?
  22. XMLRPC error: xmlrpc.client.Fault:
  23. How to find out which plugin create captcha after login?
  24. Comment IP Plugin – Fixing onfocus=’this.select()’
  25. How do I make reusable content blocks for header and footer when using WordPress headless with another front-end?
  26. WordPress 5.4 – How to prevent to enter only certain values in custom field
  27. What form should the $query media query array have for an Elementor page builder function? [closed]
  28. Private Page View Counter
  29. WooCommerce: Force coupon for existing/registered customers [closed]
  30. Plugin Activation Error – The plugin generated 22 characters of unexpected output during activation
  31. Plugin Admin Menu Boiler Plate
  32. How can I add IP address to my post?
  33. REST API can’t get the response manually
  34. Super slow plugin page (lots of error 500)
  35. How to make a dynamic css class whose name changes every visit to confuse scraper
  36. serverSideRender does not render “preview” html inside Gutenberg block
  37. How use wp media upload liberary in react components?
  38. Add_rewrite_endpoint doesn’t work with post name permalink structure
  39. How to notify wordpress instalation about my plugin update?
  40. Is it possible not to load theme on a specific page in wordpress?
  41. How to change shortcode’s default theme?
  42. Integer in Array returns null
  43. Plugin onclick button activate other plugin
  44. composer not working on my plugin when i upload it to my website
  45. wc_get_template new template does not showing up
  46. How to select a paragraph other than the 1st to be the post’s excerpt?
  47. Moving Jetpack buttons to appear below the first H2 title on all project/post pages [closed]
  48. Send email to multiple addresses on Contact Form 7, but exclude personal details on all but one
  49. How can I support plugins in a custom theme?
  50. Display site language setting in source code
  51. Show icons or badges under title on product archives/category pages
  52. How to get theme’s info from wordpress.org/themes using api.wordpress.org?
  53. Override/ignore CSS from active theme as not to interfere with my custom CSS
  54. WordPress Custom Pages that work with Plugins?
  55. posts from multiple post types in one slider
  56. How to automatically redirect to custom admin menu after plugin activation?
  57. How to use the CSS of the WordPress core in the development of my administration page?
  58. Redeclare function after plugin activation
  59. add_submenu_page returns null
  60. What is the WordPress approach to custom data?
  61. Conditional Shipping Options if Certain Products are in Cart WooCommerce
  62. Readable titles in mobile
  63. How to do the simplest possible frontend ajax call from a plugin?
  64. The XXX plugin has been deactivated due to an error: The plugin does not have a valid header
  65. How can I add “last updated” in plugin descripton?
  66. get_edit_post_link() not working on wp-cron
  67. get_option / wp_localize_script Not Working in OOP Plug In
  68. New bulk action to resend welcome emails
  69. Get site url and updates data, then use them
  70. How to have a gallery in which each image’s caption is a whole “post”?
  71. I receive taxonomy id
  72. How do we update a custom file upload field with the Advanced Custom Field plugin?
  73. WordPress won’t allow for updates to plugins or WordPress Core
  74. WordPress Stock Update Programatically
  75. Loading a plugin’s js file from functions.php
  76. Woocommerce Backend Search by Title and SKU
  77. I Setup Rate My Post Plugin On Site But Now Got Issues In Google Webmasters
  78. How to integrate together a website currently hosted WordPress.com and a custom web application currently hosted on Azure?
  79. How-to: This block can only be used once
  80. output html on post or page from custom plugin [closed]
  81. Custom Post Type – custom form in dashboard
  82. Problem with add_action
  83. To perform the requested action, WordPress needs to access your web > server
  84. Custom API plugin to execute 3rd party API to retrieve data
  85. Is there a way to convert shortcodes to html content?
  86. Proper way to handle admin-ajax calls
  87. How to display the featured post on the category page?
  88. Disable globally “Crop thumbnail to exact dimensions (normally thumbnails are proportional)” with Multisite
  89. How to find the list of custom post type where logged in user is author
  90. UTF-32be error WordPress
  91. Loop in elementor custom widget not working
  92. Change text string in a plugin
  93. Set Multiple Meta Values as an Array Using dispatch( ‘core/editor’ ).editPost() Call in Gutenberg/JS
  94. wp-admin send 404 error
  95. How to create plugin/ page that reads from database
  96. How To Post WordPress Custom Post Types to Twitter via IFTTT
  97. Stop wordpress from requesting external jquery from googleapi
  98. Can the benefits of performance optimization plugins outweigh the tax of installing them on performance?
  99. get_users(); Is an Undefined Function When Used in Cron Job
  100. Alternate email sending service – eg: AWS SES [closed]
Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)