• Resolved magedmoh94

    (@magedmoh94)


    Hi There,

    I want to disable the XMLRPC completely to limit the brute force attacks but i found 3 options in the XMLRPC tab which one is to be disabled ?

    Block default xmlrpc.php (i set this to yes)
    Disable XML-RPC authentication ( i set this to no )
    Remove pingback( i set this to yes )

    I need the best recomended answers to disable the xmlrpc completely

    Best Regards

    The page I need help with: [log in to see the link]

Viewing 8 replies - 1 through 8 (of 8 total)
  • Plugin Contributor Maya

    (@tdgu)

    Hi,
    Yes you need to use the Block default xmlrpc.php set this to Yes. You need to fill in the New XML-RPC Path with a custom value, i suggest to make it hard to guess.
    Also set to Yes the option Remove rsd_link Meta at WP Hide > General / HTML > Meta.

    Thanks

    Thread Starter magedmoh94

    (@magedmoh94)

    Hi,

    Thank you for your reply

    So i need to set the block default xmlrpc to yes as you said.

    What about the Disable XML-RPC authentication & Remove pingback ? Are they related to xmlrpc that can be used for brute force attacks ? Also set them to which values ?

    Last thing what is this for ( Remove rsd_link Meta ) ?

    Best Regards

    Plugin Contributor Maya

    (@tdgu)

    Hi,
    The Disable XML-RPC authentication should always be set to No, unless need to disable authentication when calling the service.
    Remove rsd_link Meta remove the front tag which outputs the actual XML-RPC link. So there is no way for anyone to figure out which is the new service url.

    Thanks

    Thread Starter magedmoh94

    (@magedmoh94)

    Thank you so much that’s great,

    Last thing: what about this Remove pingback ? Set it to yes or no and is it related to xmlrpc ?

    Best Regards

    Plugin Contributor Maya

    (@tdgu)

    Yes the pingback is related to xmlrpc and consist on a html tag with a rel="pingback" attribute and value to the xmlrpc. If need to block this service, i recommend to set this option to Yes to it does not outputs the new xmlrpc url.

    Thanks

    Thread Starter magedmoh94

    (@magedmoh94)

    i want to secure the XMLRPC from brute force attacks completley, so i need to set the Remove pingback to yes as i have done this is the right, right ?

    Plugin Contributor Maya

    (@tdgu)

    Yes you are correct.

    Thread Starter magedmoh94

    (@magedmoh94)

    thank you so much, we will have the premium version in couple of months to support the effort you made, we really appreciate this thank you so much

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘Disable XMLRPC’ is closed to new replies.