You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
XMLRPC is used by external blogging clients (like MarsEdit) to write your content locally and then push it to the WP site. I'm 99% sure we don't allow this and should just block access to XMLRPC. We're seeing it probed today on ADA Pacific in some attempt to hack the site.
I'm not worried, but we could stop the calls from being handled by WP at all and rejected at the server level with an adjustment to our .htaccess rules. The code below blocks everyone but the specifically allowed IP address. I don't think we need to allow anything though.
# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
allow from 123.123.123.123
</Files>
The text was updated successfully, but these errors were encountered:
XMLRPC is used by external blogging clients (like MarsEdit) to write your content locally and then push it to the WP site. I'm 99% sure we don't allow this and should just block access to XMLRPC. We're seeing it probed today on ADA Pacific in some attempt to hack the site.
I'm not worried, but we could stop the calls from being handled by WP at all and rejected at the server level with an adjustment to our
.htaccessrules. The code below blocks everyone but the specifically allowed IP address. I don't think we need to allow anything though.The text was updated successfully, but these errors were encountered: