Stopping the WordPress XML-RPC Hack
Stopping the XML-RPC Hack: Simple Solutions for a Serious Problem
Adam Soucie
• Highforge
• Web Developer
• Content writer
What is XML-RPC?
• Allows WordPress to post on your behalf
• Allows access to WordPress clients
• Allows for pingbacks and trackbacks
Why is it dangerous?
• Hijacks your website without your knowledge
• Uses your site for a DDoS attack
• Potentially gets your domain labelled as a spammer
How do you stop it?
• Add a filter to functions.php
• Prevent access to xmlrpc.php using .htaccess
• Use a plugin
Method 1: functions.php
• Completely disables xmlrpc.php
• Uses a filter
• One line of code
• Alternative for Jetpack users is 5 lines
Completely disable XML-RPC…

    add_filter('xmlrpc_enabled', '__return_false');
…or just block Pingbacks

    // Remove only the pingback.ping method from the XML-RPC method list.
    add_filter( 'xmlrpc_methods', 'remove_xmlrpc_pingback_ping' );
    function remove_xmlrpc_pingback_ping( $methods ) {
        unset( $methods['pingback.ping'] );
        return $methods;
    }
Method 2: .htaccess
• One command
• Blocks access at the server level for extra security
• Can also whitelist IPs to allow limited access
To block all access…

    # Apache 2.2-style access control (needs mod_access_compat on Apache 2.4)
    <Files xmlrpc.php>
        Order Deny,Allow
        Deny from all
    </Files>
…or to whitelist IPs

    <Files xmlrpc.php>
        Order Deny,Allow
        Deny from all
        # 987.654.321 is the slide's placeholder; put the address to allow here
        Allow from 987.654.321
    </Files>
Method 3: Use a plugin
• Mimics the functions.php method
• Perfect for non-coders
• "Disable XML-RPC" is the most common one
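
A way to confirm that one of the three methods above actually took effect, as an added Python example (not from the original slides): it classifies the reply to a `system.listMethods` call against xmlrpc.php as blocked at the server, pingback removed, or pingback still exposed. The sample replies are constructed, and the function names and state labels are this example's own.

```python
import urllib.error
import urllib.request
import xml.etree.ElementTree as ET

# XML-RPC introspection call; it needs no credentials.
PROBE = (b"<?xml version='1.0'?><methodCall>"
         b"<methodName>system.listMethods</methodName><params></params></methodCall>")

# Constructed sample replies (not captured from a real site).
SAMPLE_DEFAULT = """<?xml version="1.0"?>
<methodResponse><params><param><value><array><data>
<value><string>system.listMethods</string></value>
<value><string>wp.getUsersBlogs</string></value>
<value><string>pingback.ping</string></value>
</data></array></value></param></params></methodResponse>"""
SAMPLE_FILTERED = SAMPLE_DEFAULT.replace(
    "<value><string>pingback.ping</string></value>\n", "")

def listed_methods(body):
    """Return the method names in a system.listMethods reply."""
    if "<!DOCTYPE" in body:  # refuse DTDs so entity tricks never reach the parser
        raise ValueError("DTD not allowed")
    root = ET.fromstring(body)
    if root.tag != "methodResponse" or root.find("fault") is not None:
        raise ValueError("not a successful methodResponse")
    return [s.text for s in root.iter("string") if s.text]

def classify(status, body):
    """Turn the HTTP status and body from xmlrpc.php into a mitigation state."""
    if status == 403:  # what the .htaccess "Deny from all" rule returns
        return "blocked-at-server"
    if status != 200:
        return "unexpected-status"
    try:
        methods = listed_methods(body)
    except (ET.ParseError, ValueError):
        return "unparseable"
    return "pingback-exposed" if "pingback.ping" in methods else "pingback-removed"

def probe(url):
    """POST the probe to your own site's xmlrpc.php URL and classify the reply."""
    req = urllib.request.Request(url, data=PROBE, headers={"Content-Type": "text/xml"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return classify(resp.status, resp.read(65536).decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:
        return classify(err.code, "")
```

WordPress documents the `xmlrpc_enabled` filter as switching off only the methods that require authentication, so a site relying on that filter alone can still come back as `pingback-exposed`. Run `probe()` from an address that is not on the .htaccess whitelist, otherwise the server-level block will not show.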
Any questions?
More info:
www.adamsoucie.com www.highforge.com
Illustrations by:
Tina Fiume