WordPress attacks

Millions of sites around the world, from individuals to multinationals, are built and managed with WordPress. One exploit abuses the ability to post to the site from mobile devices (the XML-RPC interface, xmlrpc.php), and it can be closed off if that functionality is not being used.

Add these lines to the .htaccess for the site:

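# Deny every request for xmlrpc.php.
# Order/Deny is Apache 2.2 syntax; Apache 2.4 needs mod_access_compat for it.
<Files xmlrpc.php>
Order allow,deny
Deny from all
</Files>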

A number of third-party plugins use XML-RPC, so blocking it may break them. Some of the best-known plugins that require XML-RPC are:

WordPress Mobile App
Jetpack (just some parts of it)
LibSyn (for podcasts)
BuddyPress
Windows Live Writer

For the vast majority of WordPress sites, however, XML-RPC isn't used and can be exploited, so it is best to disable it.
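
Before and after adding the block, the Apache access log shows who is actually calling xmlrpc.php. The script below is an added example, not part of the original post: it assumes the Apache "combined" log format, and the sample log lines, addresses and user-agent names in it are constructed for illustration.

```python
import re
from collections import Counter

# Apache "combined" format:
# ip ident user [time] "METHOD path PROTO" status size "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"'
)

# Constructed sample lines (documentation IP ranges, made-up user agents).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "POST /xmlrpc.php HTTP/1.1" 200 412 "-" "ExampleMobileApp/1.0"',
    '198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "ExampleScanner/0.1"',
    '198.51.100.7 - - [01/Jan/2024:10:00:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "ExampleScanner/0.1"',
    '192.0.2.10 - - [01/Jan/2024:10:05:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [02/Jan/2024:09:00:00 +0000] "POST /blog/xmlrpc.php?x=1 HTTP/1.1" 403 199 "-" "ExampleScanner/0.1"',
    'truncated or malformed line',
]

def is_xmlrpc(path):
    """Match xmlrpc.php at any directory depth, ignoring a query string."""
    return path.split("?", 1)[0].lower().endswith("/xmlrpc.php")

def summarize(lines):
    """Count xmlrpc.php requests per (user agent, status); also count unparsed lines."""
    hits, skipped = Counter(), 0
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            skipped += 1  # do not silently drop lines the regex cannot read
            continue
        if is_xmlrpc(m["path"]):
            hits[(m["agent"], int(m["status"]))] += 1
    return hits, skipped

def still_reachable(hits):
    """True if any xmlrpc.php request got a response other than 403 Forbidden."""
    return any(status != 403 for (_agent, status) in hits)

if __name__ == "__main__":
    hits, skipped = summarize(SAMPLE_LOG)
    for (agent, status), count in hits.most_common():
        print(f"{count:4d}  {status}  {agent}")
    print(f"unparsed lines: {skipped}; still reachable: {still_reachable(hits)}")
```

A user agent belonging to one of the plugins listed above means the block will break that plugin; once the .htaccess rule is live, every xmlrpc.php entry should show status 403.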

Let us know if you need this security measure applied to your Antelope hosted CMS site.
