Being one of the most popular blogging/ website platform, WordPress can be exploited quickly. There are many ways the WordPress exploiting can happen and it’s kind of a headache to clear the malware attacks that has occurred in a WordPress website.
Here’s a post that would help you out to clear out your WordPress Website from malware attacks.
This post is about one of the specific attacks that can happen anytime on your WordPress and how can we stay ahead and prevent from happening.
What is an XML RPC ?
XML-RPC is basically an API that can connect WordPress to other devices and let’s you perform the regular WordPress Actions like publishing/deleting a post, any action that you can do on a WordPress website after logging in.
WordPress has the XML-RPC available by default from 3.5 and above versions. WordPress ships with the file xmlrpc.php in the main root folder.
This file is the gateway for your WordPress website to accept external requests by authenticating the user properly in the form of XML.
This would mean that applying a Brute Force Attack or any other means to get the password, will open up your WordPress website for exploitation.
How to Prevent XML-RPC Attack ?
The only way to prevent the XML-RPC attack is for you to disable it, by installing plugins like Disable XML-RPC. After installing this plugin, the XML RPC connection would be disabled.
Another way to disable it is by writing up the below line of code in a custom plugin if you have experience in creating one.
add_filter( 'xmlrpc_enabled', '__return_false' );
How to test if the plugin or the above code worked ?
Go to this website – https://xmlrpc.eritreo.it/ and put in your WordPress url like below.
It should probably tell you that “XML-RPC services are disabled on this site.”
This is it. This should prevent you from getting an XML-RPC Attack to your WordPress website.
If this helped you out to take one step towards preventing your website from attacks, let me know in comments.
Image Credit :- Unsplash