How to block XML-RPC attack?

Check the ‘order’ order. I do it this way:

# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
# allow from xx.xx.xx.xx   #add allowed IP addresses
</Files>

And, to ensure it’s blocked, I add this to the functions.php file.

add_filter('xmlrpc_enabled', '__return_false');

Actually, I put the above command and others into a private plugin, so I don’t have to worry about Child Themes, or theme changes.

(Side note: I had a WP site compromised via an xmlrpc attack.)

Related Posts:

  1. Plugin or advice on how to parse XML in real-time?
  2. X-Pingback and XMLRPC
  3. WordPress import does not fetch images, but just links them
  4. How can I process xml file on upload?
  5. How to activate plugins for my WordPress sites from a remote server
  6. How to stop xmlrpc attacks without disabling component to allow JetPack to work in WordPress?
  7. Widget with same content across several websites
  8. The problem with WordPress Importer
  9. Call specific plugin update
  10. Retrieve Plugin Settings and insert into XML string
  11. how to convert XML from URL to HTML
  12. Using Microsift Word/Outlook for content publishing to WordPress
  13. How to create a plugin page that shows XML?
  14. Can I disable xml-rpc by setting it to false?
  15. WP Import All Multiple Dynamic Link Imports
  16. Avoid duplicate posts with xml rpc
  17. SimpleXML is not working with xml response from external api
  18. WordPress sitemap “Extra content at the end of the document”
  19. Modifying WordPress XML-RPC Built-Ins
  20. Xml output not places where i want
  21. How to import data from another website using an API link?
  22. When unit testing a plugin, does the plugin need to be in the wp-content/plugins directory of the WordPress tests install?
  23. How do I disable a plugin enforced by my host (in mu-plugins)?
  24. Need to create a Theme demo site that features multiple themes
  25. Do Plugins effect site loading time?
  26. Adding Featured Image in Post List
  27. How do I check what plugins are enabled via the database?
  28. Should I use RIPS tool to test my themes and plugins?
  29. How to disable autocomplete for inputs in contact form 7? [closed]
  30. How Restrict access to admin dashboard by specific static ip?
  31. Plugin to hide admin menu (vertical menu bar)
  32. Building WordPress Plugin Using FPDF – How do you get post content from currently viewed post?
  33. Storing Email Account Passwords for SMTP Mailing for a WordPress Plugin
  34. action-scheduler vs wp-background-processing
  35. How to get images from EDD post?
  36. Do you clean up your self-written plugins’ at deactivation?
  37. Will Flutter work with WordPress 3.0?
  38. Function to see how many plugins on a site need updating
  39. How many SQL queries WP Super Cache make to serve cached page?
  40. How to make an interface similar to multi-site for switching between multiple (single) sites for administrators?
  41. Is any information available in PHP files in WP about plugin activation history?
  42. Download any file after submitting a form [closed]
  43. Call to undefined function get_userdata in user.php
  44. Only Homepage not loading properly
  45. AJAX search posts and pages
  46. Error when using plugin QuickCache with plugin Mobile Smart ? [closed]
  47. URL rewrite of independent plugin?
  48. How do post a Photo to Facebook when a post is published? [closed]
  49. WordPress : Explain Plugins & Theme string value in database
  50. Why Does the WordPress Twitter Tools Plugin give a 500 Internal Server Error?
  51. Opening a link automatically on page load?
  52. How to display number of page views on a post?
  53. What is a reasonable memory limit for WordPress
  54. Get plugin download URL from slug
  55. Using add_action before add_filter on a plugin?
  56. How can a wordpress plugin generate pages without posts?
  57. How to multiply a post to test internal search results?
  58. Is there a plugin for automatically adding a word or symbol after a trigger word? I.e. Like a search and replace but more like search and add? [closed]
  59. Product count in archive page Title in WooCommerce [closed]
  60. UTF-32be error WordPress
  61. wp-admin send 404 error
  62. How I update WordPress theme and plugins
  63. WordPress Mailerlite – How to include mailerlite SDK in plugin
  64. How to request admin-ajax.php correctly when wordpress URL and site URL are different?
  65. Installed Forca Theme, wonder how I can alter Post editing screen
  66. How to Use the Filter “sidebar_login_widget_form_args”
  67. How to theme code blocks formatted by the prettify.js embedded with WP-Markdown?
  68. Posts 2 Posts: Display custom types connected to the same other custom type but with another connection
  69. Hide plugins and theme from public
  70. Woocommerce Export and import Orders
  71. How would I get the new plugin version on this function?
  72. acf backend error handling
  73. How to get the custom field value using SQL query
  74. Add a Custom email notification to WC actions
  75. Homepage to serve the content of page created from a plugin [duplicate]
  76. Conditionally load public and admin code with AJAX working on both sides
  77. Disabling drift plugin from homepage
  78. return bbp_get_topic_author_id as integer
  79. Modify function output in a plugin
  80. Why can’t I call a function from inside my registered AJAX function?
  81. I want add repository theme folder
  82. WordPress Widget: Is it possible to make the form dynamic without updating?
  83. Quick Edit in custom posts no show columns after save
  84. Site is continuously accessing by several IPs
  85. Moving to WordPress Premium versus a hosting provider
  86. How to find an option in the database?
  87. Need Help Creating a Multi-Step, Video-Guided Enrollment Site
  88. woocommerce_payment_complete hook only called after accepting payment?
  89. how to sort results by last day update at search result in plugin installer?
  90. User specific content (posts) / limiting visibility
  91. Carrying information from button click into form [closed]
  92. ajax sends data to plugin
  93. Want to add post to user dashboard
  94. Bidding site plugin [closed]
  95. WordPress Plugin: Demon Image Annotation
  96. Facebook like plugin with Multi Option-Needed [closed]
  97. woocommerce create subscription for user using functions / hooks provided
  98. Someone Comment 1000 times in a Day in My WordPress Site, What Can i Do
  99. How to set an exact search box in tablepress plug-in
  100. Private plugin updating – GitHub zip file changes the plugin directory (with release or branch name)
tech