xml-rpc - Sysadmins of the North

Protect WordPress from brute-force XML-RPC attacks

How do you secure WordPress against xmlrpc.php attacks, optionally still being able to use (some of) its functionality like Jetpack? This post gives you some insights.

Published on Friday, 2 June 2017

Huge increase in WordPress xmlrpc.php POST requests

How to identify, block, mitigate and leverage these xmlrpc.php scans, brute-force, and user enumeration attacks on WordPress sites.

Published on Monday, 7 July 2014

windows-server (114) iis (80) powershell (77) php (55) wordpress (49) mysql (36) windows (34) performance (28) linux (23) web.config (23) Website (22) htaccess (20) bash (19) aspnet (19) url-rewrite-module (19) sql-server (18) optimization (18) ssl (17) gnu-linux (14) plugin (14) windows-10 (12) devops (11) monitoring (11) security (10) appcmd (10) wsl (9) smtp (9) wincache (9) wmi (8) zabbix (8) windows-update (8) opcache (8) openssh (7) database (7) dism (7) functions-php (7) iis-60 (7) sysops (6) wsus (6) apache (6) hyper-v (6) virtualization (6) spam (6) classic-asp (6) ddos (6) password (5) email (5) active-directory (5) umbraco (5) joomla (5) command-line (5) application-pool (5) blacklist (5) t-sql (4) wql (4) https (4) group-policy (4) backup (4) connector-net (4) debug (4) logparser (4) network-adapter (4) dns (4) query_cache (4) ghost (4) iisnode (4) node-js (4) vbscript (3) windows-firewall (3) brute-force (3) ftp (3) postfix (3) forensics (3) benchmark (3) xss (3) disk-cleanup (3) disk-space (3) sql-injection (3) openssl (2) net-core (2) visual-studio (2) windows-defender (2) rdp (2) connector-odbc (2) c (2) mysqldump (2) xml-rpc (2) smb (2) cross-site-scripting (2) innodb (2) httpbl (2) centos (2) magento (2) denial-of-service (2) deployment (2) windows-deployment-services (2) mysqli (2) open-xchange (2) waf (2) web-application-firewall (2) code-base (1) windows-11 (1) ipv6 (1) networking (1) sqlce (1) tinymce (1) Prianha-CMS (1) kvm (1) http-3 (1) quic (1) wmsvc (1) database-mirroring (1) service-principal-names (1) spn (1) jetpack (1) api (1) kms (1) red-hat (1) varnish-cache (1) elasticsearch (1) dhcp (1) jquery (1)