• Resolved TGoedde

    (@tgoedde)


    I get a lot of Wordfence blocked attempts for my https://www.domain.com/xmlrpc.php. They appear blocked by Wordfence, but should I be doing a manual BLOCK IP for those attempts? If the attempts are US based, are they legit viewers trying to look at the site or are they malicious attempts at using the .php file?

    Are the Wordfence Type:Blocked red X really blocked or just a warning notice?

Viewing 1 replies (of 1 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @tgoedde, thanks for reaching out over this.

    The setting to disable XML-RPC authentication can be done by checking the “Disable XML-RPC authentication” box in Wordfence > Login Security > Settings. Manual attempts to access the XML-RPC file itself rather than authentication attempts are commonly tried by attackers so you could add the following code to .htaccess if you are certain no plugins you use (such as Jetpack) require access:

    # Block WordPress xmlrpc.php requests
    <Files xmlrpc.php>
    order deny,allow
    deny from all
    </Files>

    If you’re referring to Live Traffic blocks with the red X, those are access attempts that Wordfence has blocked either due to the internal block list, or it has violated one of the restrictions set in Wordfence for your site. Under Wordfence > All Options > Rate Limiting, they will be blocked for as long as “How long is an IP address blocked when it breaks a rule” is set to. If you wish to increase this to prevent repeated attempts by the same IP after the value set has elapsed, you can adjust it to your liking.

    Thanks,

    Peter.
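
One way to check from the server side whether xmlrpc.php requests are actually being refused, for instance after adding the .htaccess rule quoted above (an added example, not part of the original reply and not Wordfence code). It assumes Apache's "combined" access log format; the sample lines are constructed and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in Apache "combined" format (not real traffic;
# the IPs come from the RFC 5737 documentation ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 674 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:10:01:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 674 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2024:10:05:40 +0000] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "curl/8.4.0"
198.51.100.23 - - [12/Mar/2024:10:05:41 +0000] "GET /xmlrpc.php?rsd HTTP/1.1" 403 199 "-" "curl/8.4.0"
192.0.2.50 - - [12/Mar/2024:10:06:00 +0000] "GET /about/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
this line is malformed and must be skipped
"""

# client IP, ident, user, [timestamp], "METHOD path protocol", status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def summarize_xmlrpc(log_text):
    """Return {ip: {"denied": n, "served": n}} for requests to xmlrpc.php."""
    summary = defaultdict(lambda: {"denied": 0, "served": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing
        # Compare the path only, ignoring any query string.
        path = m.group("path").split("?", 1)[0]
        if not path.endswith("/xmlrpc.php"):
            continue
        # Apache answers a "deny from all" match with 403; any other status
        # means the request was not refused at that layer.
        key = "denied" if m.group("status") == "403" else "served"
        summary[m.group("ip")][key] += 1
    return dict(summary)

def ips_not_refused(summary):
    """IPs with at least one xmlrpc.php request that did not get a 403."""
    return sorted(ip for ip, c in summary.items() if c["served"] > 0)

if __name__ == "__main__":
    result = summarize_xmlrpc(SAMPLE_LOG)
    for ip, counts in result.items():
        print(ip, counts)
    print("not refused:", ips_not_refused(result))
```

If `ips_not_refused` still lists addresses for log lines written after the rule was added, the rule is not being applied to those requests.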

  • The topic ‘Should I be blocking domain.com/xmlrpc.php attempts?’ is closed to new replies.