Title: Attack via xmlrpc.php
Last modified: June 29, 2019

---

# Attack via xmlrpc.php

 *  Resolved [natasha006](https://wordpress.org/support/users/natasha006/)
 * (@natasha006)
 * [6 years, 11 months ago](https://wordpress.org/support/topic/attacking-via-xmlrpc-php/)
 * Hello,
    Thanks for the great security solution.
 * and again XML-RPC!
    Unless by “Disable XML-RPC authentication” feature, Wordfence
   will not block any XML-RPC attack? But every minute an attack is through XML-
   RPC.
 * Also by adding below code to .htaccess, XML-RPC attacks are completely blocked:
 *     ```
       <Files xmlrpc.php>
       order deny,allow
       deny from all
       </Files>
       ```
   
 * Truly what’s the difference between these two?
    And why by “Disable XML-RPC authentication”
   Wordfence will not block them?
 * Thanks in advance.
    -  This topic was modified 6 years, 11 months ago by [natasha006](https://wordpress.org/support/users/natasha006/).
    -  This topic was modified 6 years, 11 months ago by [natasha006](https://wordpress.org/support/users/natasha006/).

Viewing 2 replies - 1 through 2 (of 2 total)

 *  Plugin Support [wfphil](https://wordpress.org/support/users/wfphil/)
 * (@wfphil)
 * [6 years, 11 months ago](https://wordpress.org/support/topic/attacking-via-xmlrpc-php/#post-11689096)
 * Hi [@natasha006](https://wordpress.org/support/users/natasha006/)
 * The setting works perfectly for me to completely block logins via the XML-RPC
   interface. Please note that currently the Live Traffic tool page doesn’t reflect
   that an attempted login was blocked if that is what lead you to believe that 
   it isn’t working.
 *  [gezafodor](https://wordpress.org/support/users/gezafodor/)
 * (@gezafodor)
 * [6 years, 5 months ago](https://wordpress.org/support/topic/attacking-via-xmlrpc-php/#post-12238991)
 * I am facing with the same problem, but my issue freezed here. :/
    [https://wordpress.org/support/topic/how-to-prevent-unwanted-user-registrations/#post-12120413](https://wordpress.org/support/topic/how-to-prevent-unwanted-user-registrations/#post-12120413)

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Attack via xmlrpc.php’ is closed to new replies.

 * ![](https://ps.w.org/wordfence/assets/icon.svg?rev=2070865)
 * [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/wordfence/)
 * [Active Topics](https://wordpress.org/support/plugin/wordfence/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/)

## Tags

 * [XML-RPC](https://wordpress.org/support/topic-tag/xml-rpc/)

 * 2 replies
 * 1 participant
 * Last reply from: [gezafodor](https://wordpress.org/support/users/gezafodor/)
 * Last activity: [6 years, 5 months ago](https://wordpress.org/support/topic/attacking-via-xmlrpc-php/#post-12238991)
 * Status: resolved