xmlrpc.php endpoint can be misused as en endpoint for brute force attacks.
If you do not use
xmlrpc.php for any integrations, you might as well disable it completely. Adding these lines to your
.htaccess file will disallow access to the endpoint for everyone.
public/.htaccess file and add
<Files xmlrpc.php> Require all denied </Files>
xmlrpc.php is required by some plugins, like Jetpack.
Give us your feedback on this article
Did this help you?
We have launched in the UK! 🇬🇧
Servebolt Cloud UK is now available to all clients. Our London data center will ensure that all clients with their majority of visitors in the UK experience extremely fast websites!