xmlrpc.php

Recently in the server logs I saw lots of attempts to access /xmlrpc.php.

/xmlrpc.php is the file used for Pingbacks, so if someone links to my blog article, WordPress will check in and then create a link to the user's site. This actually opens WordPress sites up to being used to DoS other people:

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/wordpress-xml-rpc-pingback-vulnerability-analysis/

 

You can disable access to this file by updating .htaccess:

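# Block WordPress xmlrpc.php requests (Apache 2.4 syntax, with a 2.2 fallback)
<Files xmlrpc.php>
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
    </IfModule>
</Files>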
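
To see how much of this traffic a server is getting, and to confirm the rule above is answering it with 403, the access log can be summarised per client. This is an added example, not part of the original post; it assumes Apache's combined log format, and the sample log lines and function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in Apache "combined" format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2015:06:25:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2015:06:25:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Mar/2015:06:25:04 +0000] "GET /2015/03/some-post/ HTTP/1.1" 200 18211 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Mar/2015:06:26:10 +0000] "POST //xmlrpc.php?x=1 HTTP/1.0" 200 370 "-" "-"
203.0.113.7 - - [10/Mar/2015:07:02:44 +0000] "POST /xmlrpc.php HTTP/1.1" 403 212 "-" "Mozilla/5.0"
garbage line that does not parse
"""

# client IP, request method, request target and response status of one log line
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

def is_xmlrpc(target):
    """True if the request target points at xmlrpc.php, ignoring any query string."""
    path = target.split("?", 1)[0]
    return path.endswith("/xmlrpc.php")

def summarize(log_text):
    """Return {client_ip: {status_code: count}} for xmlrpc.php requests only."""
    per_ip = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and is_xmlrpc(m.group("target")):  # unparseable lines are skipped
            per_ip[m.group("ip")][m.group("status")] += 1
    return {ip: dict(counts) for ip, counts in per_ip.items()}

def served_requests(summary):
    """Count xmlrpc.php requests that were NOT refused with 403."""
    return sum(n for statuses in summary.values()
               for status, n in statuses.items() if status != "403")

if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for ip, statuses in sorted(summary.items()):
        print(ip, statuses)
    print("requests not answered with 403:", served_requests(summary))
```

Run it over the part of the log written after the .htaccess change: the count of requests not answered with 403 should be 0.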


Tags: dos, wordpress, xmlrpc.php
