Title: xml rpc attack
Last modified: August 30, 2016

---

# xml rpc attack

 *  [wp169](https://wordpress.org/support/users/wp169/)
 * (@wp169)
 * [10 years, 7 months ago](https://wordpress.org/support/topic/xml-rpc-attack/)
 * Hello,
 * In plugin log files I consistently see invalid login attempts from particular
   IP range. I have added this IP range to plugin ban list and added deny directive
   to htaccess file; my login.php is password protected.
 * I suspect the attack is using xmlrpc. I have disabled pingback and dos but cannot
   completely disable this feature as I use jetpack.
 * I continue to see the attacks in log file. Any ideas what might be happening?
   Is there a way block/allow xmlrpc only for specific ip range?
 * Thanks for your help!
 * [https://wordpress.org/plugins/better-wp-security/](https://wordpress.org/plugins/better-wp-security/)

Viewing 1 replies (of 1 total)

 *  [doubledworks](https://wordpress.org/support/users/doubledworks/)
 * (@doubledworks)
 * [10 years, 7 months ago](https://wordpress.org/support/topic/xml-rpc-attack/#post-6641899)
 * I assume this attack is due to the latest xml-rpc vulnerability which iThemes
   suggested was brought to their attention via Sucuri. Since then an additional
   feature was added below the original xml-rpc feature to provide a second layer
   of protection and appears to be okay to set to block when using Jetpack and the
   like.
 * Having said that I found this post while searching though the forum as it appears
   Jetpack will work even when both xml-rpc settings are set to blocked. This is
   as most will be aware contrary to what this plugin suggest should happen.
 * I assume this is a bug following the addition of the recent xml-rpc feature.
 * If anyone knows what’s causing this it would be much appreciated.

Viewing 1 replies (of 1 total)

The topic ‘xml rpc attack’ is closed to new replies.

 * ![](https://ps.w.org/better-wp-security/assets/icon.svg?rev=3529351)
 * [Kadence Security – Password, Two Factor Authentication, and Brute Force Protection](https://wordpress.org/plugins/better-wp-security/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/better-wp-security/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/better-wp-security/)
 * [Active Topics](https://wordpress.org/support/plugin/better-wp-security/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/better-wp-security/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/better-wp-security/reviews/)

## Tags

 * [brute force attack](https://wordpress.org/support/topic-tag/brute-force-attack/)
 * [xmlrpc](https://wordpress.org/support/topic-tag/xmlrpc/)

 * 1 reply
 * 2 participants
 * Last reply from: [doubledworks](https://wordpress.org/support/users/doubledworks/)
 * Last activity: [10 years, 7 months ago](https://wordpress.org/support/topic/xml-rpc-attack/#post-6641899)
 * Status: not resolved