How to close xmlrpc.php
Methods to close xmlrpc.php: 1. Use the "rm -rf xmlrpc.php" command to delete xmlrpc.php; 2. Use the mv command to move the xmlrpc.php file; 3. Use the chmod command to disable xmlrpc. All permissions of php.
The operating environment of this article: linux5.9.8 system, WordPress5.4.2 version, DELL G3 computer
Because the WordPress website used has modified the backend The address seems to be relatively safe, so I haven’t paid much attention to the logs of illegal logins to the website.
Today, the monitoring cloud alarm reported that the memory was low. After investigation, it was found that the website was scanned/brute force cracked. The log showed that the illegal login status had refreshed hundreds of pages.
Disable WordPress’s xmlrpc.php file to avoid brute force cracking
Analysis
Since there is a login failure record, first try to use the IP to enter the system log for matching. Select an IP that has been recorded for matching and execute the grep command:
grep "68.66.216.53" access.log
Seeing the log confirmed that the other party used POST to access the file/xmlrpc.php
Further use the command to track the number of occurrences of the xmlrpc.php file, and execute the grep and wc commands
grep "xmlrpc.php" access.log | wc -l
It shows that as of tonight, it has been detected in batches 57090 times
The key to solving
is to block/disable xmlrpc.php. In order to prevent possible side effects, I first searched Baidu and collected some information:
If the website program uses the pingback function, blocking xmlrpc.php will cause the function to be unusable
Use a plug-in such as JetPack, and then delete xmlrpc. php will cause website exception
Some components of the old version of WordPress depend on xmlrpc.php, and deleting it will cause some very strange problems
Currently, this site has nothing to do with the above three, so I can permanently solve this problem.
Use the rm -rf xmlrpc.php command to delete the xmlrpc.php file, but it is not recommended to delete it directly, because if something goes wrong, it will be troublesome without a backup.
Use the mv command to move this xmlrpc .php file (rename it as you like):
mv xmlrpc.php xmlrpc.php.sajdAo9ahnf$d9ha90hw9whw
Use the chmod command to disable all permissions of xmlrpc.php:
chmod 000 xmlrpc.php
The Apache server can set parameter jumps Transfer access:
<IfModule mod_alias.c> Redirect 301 /xmlrpc.php http://baidu.com </IfModule>
Nginx server can set parameters to prohibit access:
location ~* /xmlrpc.php {
deny all;
}Recommended study: "WordPress Tutorial"
The above is the detailed content of How to close xmlrpc.php. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
How To Begin A WordPress Blog: A Step-By-Step Guide For Beginners
Apr 17, 2025 am 08:25 AM
Blogs are the ideal platform for people to express their opinions, opinions and opinions online. Many newbies are eager to build their own website but are hesitant to worry about technical barriers or cost issues. However, as the platform continues to evolve to meet the capabilities and needs of beginners, it is now starting to become easier than ever. This article will guide you step by step how to build a WordPress blog, from theme selection to using plugins to improve security and performance, helping you create your own website easily. Choose a blog topic and direction Before purchasing a domain name or registering a host, it is best to identify the topics you plan to cover. Personal websites can revolve around travel, cooking, product reviews, music or any hobby that sparks your interests. Focusing on areas you are truly interested in can encourage continuous writing
How to display child categories on archive page of parent categories
Apr 19, 2025 pm 11:54 PM
Do you want to know how to display child categories on the parent category archive page? When you customize a classification archive page, you may need to do this to make it more useful to your visitors. In this article, we will show you how to easily display child categories on the parent category archive page. Why do subcategories appear on parent category archive page? By displaying all child categories on the parent category archive page, you can make them less generic and more useful to visitors. For example, if you run a WordPress blog about books and have a taxonomy called "Theme", you can add sub-taxonomy such as "novel", "non-fiction" so that your readers can
How to get logged in user information in WordPress for personalized results
Apr 19, 2025 pm 11:57 PM
Recently, we showed you how to create a personalized experience for users by allowing users to save their favorite posts in a personalized library. You can take personalized results to another level by using their names in some places (i.e., welcome screens). Fortunately, WordPress makes it very easy to get information about logged in users. In this article, we will show you how to retrieve information related to the currently logged in user. We will use the get_currentuserinfo(); function. This can be used anywhere in the theme (header, footer, sidebar, page template, etc.). In order for it to work, the user must be logged in. So we need to use
How to adjust the wordpress article list
Apr 20, 2025 am 10:48 AM
There are four ways to adjust the WordPress article list: use theme options, use plugins (such as Post Types Order, WP Post List, Boxy Stuff), use code (add settings in the functions.php file), or modify the WordPress database directly.
Is WordPress easy for beginners?
Apr 03, 2025 am 12:02 AM
WordPress is easy for beginners to get started. 1. After logging into the background, the user interface is intuitive and the simple dashboard provides all the necessary function links. 2. Basic operations include creating and editing content. The WYSIWYG editor simplifies content creation. 3. Beginners can expand website functions through plug-ins and themes, and the learning curve exists but can be mastered through practice.
How to sort posts by post expiration date in WordPress
Apr 19, 2025 pm 11:48 PM
In the past, we have shared how to use the PostExpirator plugin to expire posts in WordPress. Well, when creating the activity list website, we found this plugin to be very useful. We can easily delete expired activity lists. Secondly, thanks to this plugin, it is also very easy to sort posts by post expiration date. In this article, we will show you how to sort posts by post expiration date in WordPress. Updated code to reflect changes in the plugin to change the custom field name. Thanks Tajim for letting us know in the comments. In our specific project, we use events as custom post types. Now
How to display query count and page loading time in WordPress
Apr 19, 2025 pm 11:51 PM
One of our users asked other websites how to display the number of queries and page loading time in the footer. You often see this in the footer of your website, and it may display something like: "64 queries in 1.248 seconds". In this article, we will show you how to display the number of queries and page loading time in WordPress. Just paste the following code anywhere you like in the theme file (e.g. footer.php). queriesin
Can I learn WordPress in 3 days?
Apr 09, 2025 am 12:16 AM
Can learn WordPress within three days. 1. Master basic knowledge, such as themes, plug-ins, etc. 2. Understand the core functions, including installation and working principles. 3. Learn basic and advanced usage through examples. 4. Understand debugging techniques and performance optimization suggestions.
