How to close xmlrpc.php
Methods to close xmlrpc.php: 1. Use the "rm -rf xmlrpc.php" command to delete xmlrpc.php; 2. Use the mv command to move the xmlrpc.php file; 3. Use the chmod command to disable xmlrpc. All permissions of php.
The operating environment of this article: linux5.9.8 system, WordPress5.4.2 version, DELL G3 computer
Because the WordPress website used has modified the backend The address seems to be relatively safe, so I haven’t paid much attention to the logs of illegal logins to the website.
Today, the monitoring cloud alarm reported that the memory was low. After investigation, it was found that the website was scanned/brute force cracked. The log showed that the illegal login status had refreshed hundreds of pages.
Disable WordPress’s xmlrpc.php file to avoid brute force cracking
Analysis
Since there is a login failure record, first try to use the IP to enter the system log for matching. Select an IP that has been recorded for matching and execute the grep command:
grep "68.66.216.53" access.log
Seeing the log confirmed that the other party used POST to access the file/xmlrpc.php
Further use the command to track the number of occurrences of the xmlrpc.php file, and execute the grep and wc commands
grep "xmlrpc.php" access.log | wc -l
It shows that as of tonight, it has been detected in batches 57090 times
The key to solving
is to block/disable xmlrpc.php. In order to prevent possible side effects, I first searched Baidu and collected some information:
If the website program uses the pingback function, blocking xmlrpc.php will cause the function to be unusable
Use a plug-in such as JetPack, and then delete xmlrpc. php will cause website exception
Some components of the old version of WordPress depend on xmlrpc.php, and deleting it will cause some very strange problems
Currently, this site has nothing to do with the above three, so I can permanently solve this problem.
Use the rm -rf xmlrpc.php command to delete the xmlrpc.php file, but it is not recommended to delete it directly, because if something goes wrong, it will be troublesome without a backup.
Use the mv command to move this xmlrpc .php file (rename it as you like):
mv xmlrpc.php xmlrpc.php.sajdAo9ahnf$d9ha90hw9whw
Use the chmod command to disable all permissions of xmlrpc.php:
chmod 000 xmlrpc.php
The Apache server can set parameter jumps Transfer access:
<IfModule mod_alias.c> Redirect 301 /xmlrpc.php http://baidu.com </IfModule>
Nginx server can set parameters to prohibit access:
location ~* /xmlrpc.php {
deny all;
}Recommended study: "WordPress Tutorial"
The above is the detailed content of How to close xmlrpc.php. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1386
52
Is WordPress easy for beginners?
Apr 03, 2025 am 12:02 AM
WordPress is easy for beginners to get started. 1. After logging into the background, the user interface is intuitive and the simple dashboard provides all the necessary function links. 2. Basic operations include creating and editing content. The WYSIWYG editor simplifies content creation. 3. Beginners can expand website functions through plug-ins and themes, and the learning curve exists but can be mastered through practice.
What is the WordPress good for?
Apr 07, 2025 am 12:06 AM
WordPressisgoodforvirtuallyanywebprojectduetoitsversatilityasaCMS.Itexcelsin:1)user-friendliness,allowingeasywebsitesetup;2)flexibilityandcustomizationwithnumerousthemesandplugins;3)SEOoptimization;and4)strongcommunitysupport,thoughusersmustmanageper
Can I learn WordPress in 3 days?
Apr 09, 2025 am 12:16 AM
Can learn WordPress within three days. 1. Master basic knowledge, such as themes, plug-ins, etc. 2. Understand the core functions, including installation and working principles. 3. Learn basic and advanced usage through examples. 4. Understand debugging techniques and performance optimization suggestions.
How much does WordPress cost?
Apr 05, 2025 am 12:13 AM
WordPress itself is free, but it costs extra to use: 1. WordPress.com offers a package ranging from free to paid, with prices ranging from a few dollars per month to dozens of dollars; 2. WordPress.org requires purchasing a domain name (10-20 US dollars per year) and hosting services (5-50 US dollars per month); 3. Most plug-ins and themes are free, and the paid price ranges from tens to hundreds of dollars; by choosing the right hosting service, using plug-ins and themes reasonably, and regularly maintaining and optimizing, the cost of WordPress can be effectively controlled and optimized.
Should I use Wix or WordPress?
Apr 06, 2025 am 12:11 AM
Wix is suitable for users who have no programming experience, and WordPress is suitable for users who want more control and expansion capabilities. 1) Wix provides drag-and-drop editors and rich templates, making it easy to quickly build a website. 2) As an open source CMS, WordPress has a huge community and plug-in ecosystem, supporting in-depth customization and expansion.
How To Begin A WordPress Blog: A Step-By-Step Guide For Beginners
Apr 17, 2025 am 08:25 AM
Blogs are the ideal platform for people to express their opinions, opinions and opinions online. Many newbies are eager to build their own website but are hesitant to worry about technical barriers or cost issues. However, as the platform continues to evolve to meet the capabilities and needs of beginners, it is now starting to become easier than ever. This article will guide you step by step how to build a WordPress blog, from theme selection to using plugins to improve security and performance, helping you create your own website easily. Choose a blog topic and direction Before purchasing a domain name or registering a host, it is best to identify the topics you plan to cover. Personal websites can revolve around travel, cooking, product reviews, music or any hobby that sparks your interests. Focusing on areas you are truly interested in can encourage continuous writing
Is WordPress still free?
Apr 04, 2025 am 12:06 AM
The core version of WordPress is free, but other fees may be incurred during use. 1. Domain names and hosting services require payment. 2. Advanced themes and plug-ins may be charged. 3. Professional services and advanced features may be charged.
Why would anyone use WordPress?
Apr 02, 2025 pm 02:57 PM
People choose to use WordPress because of its power and flexibility. 1) WordPress is an open source CMS with strong ease of use and scalability, suitable for various website needs. 2) It has rich themes and plugins, a huge ecosystem and strong community support. 3) The working principle of WordPress is based on themes, plug-ins and core functions, and uses PHP and MySQL to process data, and supports performance optimization.
