Daniel Cid of Sucuri explained this very well in October 2015.
To make sure that no one on the plane is carrying a bomb, you have to queue through metal detectors. If you want to keep your car while you are shopping, lock the doors and close the windows. You cannot use e-mail protection to lock websites. This is especially true if you prefer to use Jetpack or the mobile applications.

What can I do about XML-RPC security?

Understand that the security issue is not really XML-RPC itself. The problem is that an attacker can use it as another method of brute-forcing usernames and passwords. Therefore, the best way to protect yourself is (still) to use long and complex passwords (or use a password manager that can generate passwords). But that is not always easy, especially when using WordPress from multiple computers.
Today, the secondary measure you can take to protect yourself is to completely turn off XML-RPC in your settings. With some additional content in the .htaccess file, you can block access to the xmlrpc.php file. The method is as follows:

Note: before making changes, check your web host's policies on users creating and editing .htaccess.

Check for an existing .htaccess file. The web host's documentation can point you in the right direction. If the file does not exist, create it in the htdocs/wordpress folder.

Open the file in a text editor and add the following code near the top:

To simplify the process, the Disable XML-RPC plugin can be installed and activated.
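A rule of the kind the .htaccess steps above describe, as an added example rather than the original page's own code. It assumes an Apache host that honours .htaccess overrides, and it carries both the Apache 2.4 and the older 2.2 access-control syntax so the same file works on either.

```apache
# Added example (not from the original page).
# Place near the top of the .htaccess file in the WordPress folder.
# Assumption: the host allows .htaccess overrides for access control
# (AllowOverride AuthConfig on Apache 2.4, AllowOverride Limit on 2.2).

# Deny every request for xmlrpc.php, whatever the client.
<Files "xmlrpc.php">
    # Apache 2.4 and later: mod_authz_core provides "Require".
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>

    # Apache 2.2: fall back to the older Order/Deny directives.
    <IfModule !mod_authz_core.c>
        Order Deny,Allow
        Deny from all
    </IfModule>
</Files>

# Check after saving: a request for /xmlrpc.php on the site should
# return "403 Forbidden", while the rest of the site loads as before.
```

This blocks all clients, including Jetpack and the mobile applications, which is the trade-off the page goes on to describe.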
Disabling xmlrpc.php will break all tools that use this file. You can still use WordPress on your phone or tablet. Instead of the mobile applications, you can:

You can also disable XML-RPC only partially and keep the tools that rely on XML-RPC. I understand if you do not want to turn off XML-RPC for now. Here are some plugins that might help:

Stop XML-RPC Attacks: allows only Jetpack and other Automattic tools to access xmlrpc.php, through .htaccess.

XML-RPC Publishing Control: simply restores the previous remote publishing option to the Settings > Writing menu.

iThemes Security, Anti-Malware Security and Brute-Force Firewall, and All In One WP Security & Firewall: these general-purpose security tools include brute-force protection in their free tier. They monitor repeated login attempts, with or without xmlrpc.php, and block sites that appear to be intruding. I have successfully used the iThemes tool for several years.

Wordfence, a major security plugin, decided not to disable XML-RPC. In his blog post, Mark wrote: