Disable xmlrpc.php question??

  • Resolved epgb101

    (@epgb101)


    1 year, 2 months ago

    Hi.

    I have a user based buddypress/subscriber site. Are there times when a legitimate user needs to login using acces xmlrpc.php? In other words if I disable xmlrpc.php – will I be blocking my members from logging in? (none of these are admins but I may enable some editors later – but they can still login via the usual login page and edit on desktop/mobile/tablet – even with xmlrpc.php disabled right?)

    I am asking as I am seeing all these mysite.com/xmlrpc.php login attempts.

    Thanks

    • This topic was modified 1 year, 2 months ago by epgb101.
    • This topic was modified 1 year, 2 months ago by epgb101.
    • This topic was modified 1 year, 2 months ago by epgb101.
Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support wfphil

    (@wfphil)

    Hi @epgb101

    We are unable to tell you if you or anyone else on your site needs to login via the XML-RPC interface now or in the future – it is very unlikely that you would allow members to use that.

    For example, if you install the application for WordPress on a smart phone or a tablet you will see that the login page doesn’t exist – that is because the application logs you in via the XML-RPC interface and not the login page below:

    example[.]com/wp-login.php

    You can set our recommended brute force login attack protection rules. Instructions are in the link below. You can quickly find these options in the Brute Force Protection section on the All Options page:

    https://www.wordfence.com/help/firewall/brute-force/

    These rules also protect the WordPress XML-RPC interface with some useful background information below:

    https://www.wordfence.com/blog/2017/01/xmlrpc-wp-login-brute-force/

    Thread Starter epgb101

    (@epgb101)

    Thank you – that answers it very well ??

    Plugin Support wfphil

    (@wfphil)

    Hi @epgb101

    You are very welcome.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Disable xmlrpc.php question??’ is closed to new replies.