Hit by an xmlrpc.php attack | ww.wp.xz.cn

3dpc
(@3dpc)

11 years, 4 months ago

Hi,

My website was recently attacked with an xmlrpc.php attack.

So far I’ve done the following things to improve the website security:
– Updated all WordPress, plugins and the theme to the latest versions.
– Installed Login Security Solution (supposed to rate-limit both wp-login.php and XML-RPC)

I read here that implementing the following piece of code in my .htaccess file would be helpful, can someone confirm this?:
RewriteRule ^xmlrpc\.php$ “http\:\/\/0\.0\.0\.0\/” [R=301,L]

What else can I do to improve the security of my website and avoid getting hit with an xmlrpc.php attack again?

Thanks,
3dpc

Viewing 1 replies (of 1 total)

Thread Starter 3dpc
(@3dpc)

11 years, 4 months ago

At another blog post I read that I could implement this code snippet in the .htaccess file. Any ideas which is best to implement?

<Files xmlrpc.php>
Order allow,deny
Deny from all
</Files>

http://antti.vilpponen.net/2013/08/26/how-to-mitigate-a-wordpress-xmlrpc-php-attack/

Viewing 1 replies (of 1 total)

The topic ‘Hit by an xmlrpc.php attack’ is closed to new replies.

Tags

In: Fixing WordPress
1 reply
1 participant
Last reply from: 3dpc
Last activity: 11 years, 4 months ago
Status: not resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics