Jasinski Technical Wiki

Navigation

Home Page
Index
All Pages

Quick Search
»
Advanced Search »

Contributor Links

Create a new Page
Administration
File Management
Login/Logout
Your Profile

Other Wiki Sections

Software

PoweredBy

Protecting Against XMLRPC.PHP Exploits on WordPress Sites

RSS
Modified on Thu, Feb 02, 2017, 12:50 PM by Administrator Categorized as WordPress

Overview

WordPress sites come with an xmlrpc.php file, which tends to be an attack vector. This article describes how to avoid this.

Procedure

1. Rename the xmlrpc.php file, which is typically found in /var/www/html.

2. Adjust the Apache configuration — /etc/httpd/conf/httpd.conf — to include the following.

If there is a <VirtualHost> section, it should be included there; otherwise, include it after the <Directory> section.

<Files "xmlrpc.php">
  order allow,deny
  deny from all
</Files>

ScrewTurn Wiki version 3.0.1.400. Some of the icons created by FamFamFam. Except where noted, all contents Copyright © 1999-2018, Patrick Jasinski.