XML RPC is enabled by default in WordPress since version 3.5, including WP 4.8.2. Here is the more info about it: XML-RPC Support. If it is not working for you, it is possible that you have some plugin that disables it, and most security plugins have options to do so.
If you’re on a remote server, XMLRPC would be best, but requires login details If you’re in a PHP script on the same server, wp-load.php would be best ( XMLRPC will involve a request of sorts ) If you’re in a bash or CLI script, WP CLI would be best, e.g.: wp post create –post_type=page … Read more
This is the most specific solution I could find as it disables only the single function being attacked. functions.php: function Remove_Unneeded_XMLRPC( $methods ) { unset( $methods[‘wp.getUsersBlogs’] ); return $methods; } add_filter( ‘xmlrpc_methods’, ‘Remove_Unneeded_XMLRPC’ ); found this at: http://www.cryptobells.com/more-wordpress-xmlrpc-brute-force-attacks/ For a broader solution there is a WordPress plugin called “Disable XML-RPC” which does precisely that, disables … Read more
From look at source metaWeblog.newPost seems to be processed in wp_xmlrpc_server->mw_newPost() method. At the end of this method there is following hook call: do_action( ‘xmlrpc_call_success_mw_newPost’, $post_ID, $args ); which seems to be very fitting to process and save any additional information for post that have just been created by its ID provided.
Assigning posts to taxonomy terms in XML-RPC: Let’s assume your setup is: xml-rpc wp.newPost (sender) site A ————-> site B (receiver) and you want to assign the new posts to a given taxonomy terms on site B. From site B: Then you can try the following, on the receiving site B: $post_data[‘tax_input’] = array( ‘category’ … Read more
The field for tags is mt_keywords, as reference see this ticket. The field for the category is categories. Important is it, that you have a array for the fields, like $categories[0] = “cat1”; $categories[1] = “cat2”; $tags[0] = “tag1”; $tags[1] = “tag2”; $content[ ‘categories’ ] = $categories; $content[ ‘mt_keywords’ ] = $tags; As reference for … Read more
I think that when talking about XMLRPC in the context of wordpress you usually mean to talk about authoring tools utilizing the XMLRPC protocol, and not about the protocol in general. In case of pingbacks and trackbacks the XMLRPC protocol is utelized to send content (comment) to your site by some other entity which is … Read more
This looks like a spam bot or an enumeration rather than a DDoS attack. To be sure, you should look into your resource consumption, the dynamic of IP addresses and maybe the payloads. 1. Blocking access to xmlrpc.php file.: I think you shouldn’t: It cannot help you survive a real DDoS attack. As @cybmeta said, … Read more
If I have lots of custom methods what is the best approach to handling this? Instead of filtering xmlrpc_methods, you could extend the wp_xmlrpc_server class and set your class as default with the filter wp_xmlrpc_server_class. // Webeo_XMLRPC.php include_once(ABSPATH . WPINC . ‘/class-IXR.php’); include_once(ABSPATH . WPINC . ‘/class-wp-xmlrpc-server.php’); class Webeo_XMLRPC extends wp_xmlrpc_server { public function __construct() … Read more
I sent it to you on Twitter, but here it is again. I made this little class to help me do XML-RPC faster. abstract class MZAXMLRPC { protected $calls = Array(); protected $namespace = “myxmlrpc”; function __construct($namespace){ $this->namespace = $namespace; $reflector = new ReflectionClass($this); foreach ( $reflector->getMethods(ReflectionMethod::IS_PUBLIC) as $method){ if ($method->isUserDefined() && $method->getDeclaringClass()->name != get_class()){ … Read more