Home > CMS Tutorial > WordPress > How to close xmlrpc.php

How to close xmlrpc.php

藏色散人
Release: 2023-02-15 14:45:45
Original
4117 people have browsed it

Methods to close xmlrpc.php: 1. Use the "rm -rf xmlrpc.php" command to delete xmlrpc.php; 2. Use the mv command to move the xmlrpc.php file; 3. Use the chmod command to disable xmlrpc. All permissions of php.

How to close xmlrpc.php

The operating environment of this article: linux5.9.8 system, WordPress5.4.2 version, DELL G3 computer

Because the WordPress website used has modified the backend The address seems to be relatively safe, so I haven’t paid much attention to the logs of illegal logins to the website.

Today, the monitoring cloud alarm reported that the memory was low. After investigation, it was found that the website was scanned/brute force cracked. The log showed that the illegal login status had refreshed hundreds of pages.

How to close xmlrpc.php

Disable WordPress’s xmlrpc.php file to avoid brute force cracking

Analysis

Since there is a login failure record, first try to use the IP to enter the system log for matching. Select an IP that has been recorded for matching and execute the grep command:

grep "68.66.216.53" access.log
Copy after login

Seeing the log confirmed that the other party used POST to access the file/xmlrpc.php

How to close xmlrpc.php

Further use the command to track the number of occurrences of the xmlrpc.php file, and execute the grep and wc commands

grep "xmlrpc.php" access.log | wc -l
Copy after login

It shows that as of tonight, it has been detected in batches 57090 times

How to close xmlrpc.php

The key to solving

is to block/disable xmlrpc.php. In order to prevent possible side effects, I first searched Baidu and collected some information:

  • If the website program uses the pingback function, blocking xmlrpc.php will cause the function to be unusable

  • Use a plug-in such as JetPack, and then delete xmlrpc. php will cause website exception

  • Some components of the old version of WordPress depend on xmlrpc.php, and deleting it will cause some very strange problems

Currently, this site has nothing to do with the above three, so I can permanently solve this problem.

Use the rm -rf xmlrpc.php command to delete the xmlrpc.php file, but it is not recommended to delete it directly, because if something goes wrong, it will be troublesome without a backup.

Use the mv command to move this xmlrpc .php file (rename it as you like):

mv   xmlrpc.php    xmlrpc.php.sajdAo9ahnf$d9ha90hw9whw
Copy after login

Use the chmod command to disable all permissions of xmlrpc.php:

chmod   000   xmlrpc.php
Copy after login

How to close xmlrpc.php

The Apache server can set parameter jumps Transfer access:

<IfModule mod_alias.c> 
Redirect 301 /xmlrpc.php http://baidu.com 
</IfModule>
Copy after login

Nginx server can set parameters to prohibit access:

location ~* /xmlrpc.php { 
deny all; 
}
Copy after login

Recommended study: "WordPress Tutorial"

The above is the detailed content of How to close xmlrpc.php. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template