Title: xmlrpc.php
Last modified: August 22, 2016

---

# xmlrpc.php

 *  Resolved [craig.keefner](https://wordpress.org/support/users/craigkeefner/)
 * (@craigkeefner)
 * [11 years, 5 months ago](https://wordpress.org/support/topic/xmlrpcphp-5/)
 * I am experiencing “badguys” hammering on my server via xmlrpc.php and wondered
   if there are fixed IP addresses that Jetpack uses which I could Allow for in 
   my htaccess file (while denying all others).
 * I have Jetpack installed. If I disable completely xmlrpc is it safe to assume
   that any functionality available via Jetpack now will no longer be available.
 * thanks
 * Craig
 * [https://wordpress.org/plugins/jetpack/](https://wordpress.org/plugins/jetpack/)

Viewing 4 replies - 1 through 4 (of 4 total)

 *  Plugin Author [Jeremy Herve](https://wordpress.org/support/users/jeherve/)
 * (@jeherve)
 * Jetpack Mechanic 🚀
 * [11 years, 4 months ago](https://wordpress.org/support/topic/xmlrpcphp-5/#post-5632048)
 * Instead of completely disabling XML-RPC, I’d suggest disabling pingbacks only,
   as it’s the main vector of attack for spammers at the moment:
    [http://blog.sucuri.net/2014/03/more-than-162000-wordpress-sites-used-for-distributed-denial-of-service-attack.html](http://blog.sucuri.net/2014/03/more-than-162000-wordpress-sites-used-for-distributed-denial-of-service-attack.html)
 * You can use this small plugin to disable pingbacks:
    [https://wordpress.org/plugins/disable-xml-rpc-pingback/](https://wordpress.org/plugins/disable-xml-rpc-pingback/)
 *  Thread Starter [craig.keefner](https://wordpress.org/support/users/craigkeefner/)
 * (@craigkeefner)
 * [11 years, 4 months ago](https://wordpress.org/support/topic/xmlrpcphp-5/#post-5632049)
 * Thanks I didn’t see that one. I will try it on some sites.
 * My solution for now was confirm with one of my app/publishing partners what their
   dedicated IP address is so I could ALLOW via the htaccess file. They have one
   so that’s what I have done (and DENY all others). Also at server level am putting
   in some custom code with IPtables to further restrict badguys from the server
   in general.
 * For record I use Jetpack and have been looking to see what functionality I have
   lost but have not found any so far. I know they can’t access xmlrpc.
 * Thanks Jeremy
 * Craig
 *  Plugin Author [Jeremy Herve](https://wordpress.org/support/users/jeherve/)
 * (@jeherve)
 * Jetpack Mechanic 🚀
 * [11 years, 4 months ago](https://wordpress.org/support/topic/xmlrpcphp-5/#post-5632050)
 * You could whitelist Jetpack’s IP addresses as well, but these are subject to 
   change so things will break whenever we change our IP addresses in the future.
   It also becomes a pain whenever you want to use a new plugin or service. For 
   these reasons, I usually do not recommend whitelisting.
 * But in case you still need them, most of our IPs can be found here:
    [http://whois.arin.net/rest/org/AUTOM-93/nets](http://whois.arin.net/rest/org/AUTOM-93/nets)
   You’ll also need to 185.64.140.0/22 and a04:fa80::/29 to the list.
 *  Thread Starter [craig.keefner](https://wordpress.org/support/users/craigkeefner/)
 * (@craigkeefner)
 * [11 years, 4 months ago](https://wordpress.org/support/topic/xmlrpcphp-5/#post-5632051)
 * I’ve pulled the htaccess whitelist and just have anti-pingback enabled. I’ll 
   monitor and see how many process vamps latch onto apache. There are 3 or 4 at
   a time starting thread but then dying so maybe this will work.
 * Thanks Jeremy

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘xmlrpc.php’ is closed to new replies.

 * ![](https://ps.w.org/jetpack/assets/icon.svg?rev=2819237)
 * [Jetpack - WP Security, Backup, Speed, & Growth](https://wordpress.org/plugins/jetpack/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/jetpack/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/jetpack/)
 * [Active Topics](https://wordpress.org/support/plugin/jetpack/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/jetpack/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/jetpack/reviews/)

## Tags

 * [htaccess](https://wordpress.org/support/topic-tag/htaccess/)
 * [xmlprc](https://wordpress.org/support/topic-tag/xmlprc/)

 * 4 replies
 * 2 participants
 * Last reply from: [craig.keefner](https://wordpress.org/support/users/craigkeefner/)
 * Last activity: [11 years, 4 months ago](https://wordpress.org/support/topic/xmlrpcphp-5/#post-5632051)
 * Status: resolved