WordPress XML-RPC Brute Force Attacks

chris

Over the past week or so, we’ve noticed an increase in the number of WordPress sites being targeted by XML-RPC brute force attacks. These attacks flood your site with large volumes of password attempts in an effort to break into the site, and will likely cause the site to slow down.

XML-RPC is a simple, portable way to make remote procedure calls over HTTP. It can be used with Perl, Java, Python, C, C++, PHP and many other programming languages. WordPress, Drupal and most content management systems support XML-RPC.

Essentially, XML-RPC in WordPress allows you to do things like remote publishing from other sites; generally, though, it isn’t used a great deal. The general advice is that if you are not using XML-RPC, or a plugin that relies on it such as Jetpack, you should block access by adding the following code to your site’s .htaccess:

# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>

And if you would like to allow access from just one IP, say another server you own, you can do so by adding an allow line just below the deny line, replacing the example IP with your own:

# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
allow from 123.123.123.123
</Files>

Or if preferred, you could utilise a plugin to do this for you such as this handy one.

If you are using Jetpack or XML-RPC in another way, you can sign up with a company such as Sucuri, who provide a specialist firewall service which lets legitimate requests through and blocks repeated attempts.
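To see what the flood of password attempts described above actually looks like from the server side, and how a firewall or log monitor decides which requests are "repeated ones", here is an added example (not code from the original post, Sucuri or any plugin). It parses Apache combined-format access log lines, counts POSTs to xmlrpc.php per source IP inside a sliding time window, and flags any IP that exceeds a threshold. The log lines, IP addresses and timestamps are constructed for illustration; the threshold and window are assumptions you would tune for your own site.

```python
"""Flag source IPs that hammer xmlrpc.php in Apache combined-format access logs.

Added example, not part of the original post. The sample log lines below are
constructed for illustration; every IP, path and timestamp in them is made up.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache "combined" format: ip - user [time] "METHOD path HTTP/x" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+'
)
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return ip, time (aware datetime), method, path, status; None if the line is not a log record."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "time": datetime.strptime(m.group("time"), TIME_FMT),
        "method": m.group("method"),
        "path": m.group("path").split("?", 1)[0],  # drop any query string
        "status": int(m.group("status")),
    }


def find_xmlrpc_bruteforce(lines, threshold=5, window_seconds=300):
    """Return {ip: max_hits_in_window} for IPs that POST to xmlrpc.php more than
    `threshold` times inside any `window_seconds`-long window.

    A sliding window per IP means a legitimate client that posts occasionally
    (e.g. Jetpack syncing) is not flagged, while a burst of login attempts is.
    """
    window = timedelta(seconds=window_seconds)
    posts = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip lines we cannot parse rather than crash on them
        if rec["method"] == "POST" and rec["path"].endswith("/xmlrpc.php"):
            posts[rec["ip"]].append(rec["time"])

    flagged = {}
    for ip, times in posts.items():
        times.sort()
        start, best = 0, 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the window's left edge forward
                start += 1
            best = max(best, end - start + 1)
        if best > threshold:
            flagged[ip] = best
    return flagged


# Constructed sample log (assumption: these are not real hosts).
# 203.0.113.45 fires 8 POSTs in 8 seconds, 198.51.100.7 looks like Jetpack,
# 198.51.100.23 trickles one POST every 2 minutes, 192.0.2.9 never touches xmlrpc.php.
SAMPLE_LOG = [
    f'203.0.113.45 - - [10/Mar/2019:10:00:{s:02d} +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0"'
    for s in range(1, 9)
] + [
    '198.51.100.7 - - [10/Mar/2019:10:00:05 +0000] "POST /xmlrpc.php HTTP/1.1" 200 512 "-" "Jetpack"',
    '198.51.100.7 - - [10/Mar/2019:10:03:05 +0000] "POST /xmlrpc.php HTTP/1.1" 200 512 "-" "Jetpack"',
    '192.0.2.9 - - [10/Mar/2019:10:00:07 +0000] "GET /wp-login.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    'this line is not a log record',
] + [
    f'198.51.100.23 - - [10/Mar/2019:10:{m:02d}:00 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "curl/7.64"'
    for m in range(0, 14, 2)
]


if __name__ == "__main__":
    for ip, hits in find_xmlrpc_bruteforce(SAMPLE_LOG).items():
        print(f"{ip}: {hits} POSTs to xmlrpc.php within one 5-minute window")
```

With the defaults the burst from 203.0.113.45 is flagged, the two Jetpack-style requests are not, and the slow trickle from 198.51.100.23 is not either, because no 5-minute window ever holds more than three of its requests; widen the window to an hour and that same IP is reported with all seven hits, which is the trade-off between catching low-and-slow attempts and not blocking legitimate XML-RPC clients.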
