Title: xmlrpc ddos exploit?
Last modified: August 31, 2016

---

# xmlrpc ddos exploit?

 *  [online-marketing-1](https://wordpress.org/support/users/online-marketing-1/)
 * (@online-marketing-1)
 * [10 years ago](https://wordpress.org/support/topic/xmlrpc-ddos-exploit/)
 * We had to turn off xmlrpc requests from server side, as someone managed to start
   a ddos attack using that service.
 * I am not sure, but this issue seems noteworthy

Viewing 1 replies (of 1 total)

 *  Moderator [Jan Dembowski](https://wordpress.org/support/users/jdembowski/)
 * (@jdembowski)
 * Forum Moderator and Brute Squad
 * [10 years ago](https://wordpress.org/support/topic/xmlrpc-ddos-exploit/#post-7374086)
 * It’s also old and well discussed and is not an exploit. It is a DoS though.
 * Give this a read.
 * [https://codex.wordpress.org/Brute_Force_Attacks](https://codex.wordpress.org/Brute_Force_Attacks)
 * If you have the option then consider enabling Brute Protect via the Jetpack plugin.
 * [https://wordpress.org/plugins/jetpack/](https://wordpress.org/plugins/jetpack/)
 * [https://jetpack.com/2015/10/12/jetpack-protection-from-brute-force-xml-rpc-attacks/](https://jetpack.com/2015/10/12/jetpack-protection-from-brute-force-xml-rpc-attacks/)
 * That works very well.

Viewing 1 replies (of 1 total)

The topic ‘xmlrpc ddos exploit?’ is closed to new replies.

## Tags

 * [ddos](https://wordpress.org/support/topic-tag/ddos/)
 * [exploit](https://wordpress.org/support/topic-tag/exploit/)
 * [xmlrpc](https://wordpress.org/support/topic-tag/xmlrpc/)

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 1 reply
 * 2 participants
 * Last reply from: [Jan Dembowski](https://wordpress.org/support/users/jdembowski/)
 * Last activity: [10 years ago](https://wordpress.org/support/topic/xmlrpc-ddos-exploit/#post-7374086)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics