Block XML RPC in WordPress using CloudFlare’s firewall
source link: https://www.stevefenton.co.uk/2021/10/block-xml-rpc-in-wordpress-using-cloudflares-firewall/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Block XML RPC in WordPress using CloudFlare’s firewall
There is a long-standing brute-force issue with the WordPress /xmlrpc.php
file. You can (and probably should) switch this off in your website using an .htaccess
rule. This stops the requests, but uses up your server resources to check and reject them. If you have Cloudflare, you can stop them at the firewall, which means your web server doesn’t even get hit for the request.
So, once you’ve changed your .htaccess
to include this…
<Files xmlrpc.php> order deny,allow deny from all </Files>
You should also set up a Cloudflare firewall rule like this:
- Rule Name: Block XML RPC (xmlrpc.php)
- Field: URI Path
- Operator: contains
- Value: xmlrpc.php
- Then…: Block
Or, using the expression editor, enter (http.request.uri.path contains "xmlrpc.php")
Hit “DEPLOY” to set your rule live and then test it using the following:
/xmlrpc.php
//xmlrpc.php
This second item is a common attempt to get around blocking rules.
Recommend
-
31
XML-RPC is yet another method of implementing remote procedure calls. It used XML over HTTP to transmit data. In my past live working at
-
1
Replacing Cloudflare with CSF FirewallMarch 8th, 2021 update: For the past year, this blog has been using Bunny CDN as a
-
1
Webcasts and Events ...
-
3
Using Cloudflare with an SSL certificate and WordPress Overview Adding an SSL certificate to your WordPress site is an excellent first step towards securing your data. You also hav...
-
5
Trackback,Pingback及XML-RPC 浏览:2718次 出处信息 WordPress 中的留言有三种类型,分别是普通评论、Pingba...
-
4
In a new video from Google, Developer Advocate Alan Kent shares six ways to optimize JavaScript to improve the performance of your website. Kent identifies common performance problems caused by JavaScript and goes over steps you can take to...
-
1
Using The New Constrained Layout In WordPress Block Themes
-
2
Cloudflare announces Firewall for AI Firewall for AI will analyze user prompts to large language models to identify attempts to extract data or otherwise...
-
1
We've added JavaScript-native RPC to Cloudflare Workers04/05/202413 min read
-
2
Block/Unblock exe in Windows Firewall using right-click menu (updated thanks to ghjbnm's comment below) · GitHub Instantly share code, notes, and snippets. ...
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK