WordPress Security - xmlrpc.php

One of the common problems with WordPress is attacks through the xmlrpc.php file. Defending against them is quite simple. You can install a security plugin that detects attempts to exploit this file and blocks them, but this consumes the resources allocated to you by the web host. A smarter solution is to block access at the level of the hosting web server and its WAF (web application firewall).

In the hosting administration at admin.hukot.net, select the webhosting/wordpress hosting tab; on the edit page you will find the Access Security block. There you can block the desired file, or add others, including entire directories (examples are given there). The application itself can still reach these files; only access from the Internet is blocked.

If you need a particular IP/server to access a blocked file, simply allow access for the IP of that service or server. We automatically enable, for example, access for Jetpack services that depend on the xmlrpc.php file, so this plugin will not stop working for you.

For the vast majority of WP instances, xmlrpc.php does not need to be exposed to the internet unless you use specific modules or WP remote control that rely on this file.
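One way to confirm from the web server's access log that the block is working, as an added example that is not part of the original article or of Hukot's tooling. It assumes combined log format and that blocked requests are answered with HTTP 403; the function name, log lines and IP addresses are constructed for illustration.

```python
import re
from collections import Counter

# Constructed access-log lines (combined log format, documentation IP ranges).
SAMPLE_LOG = '''\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 413 "-" "curl/8.0"
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 413 "-" "curl/8.0"
198.51.100.20 - - [10/Mar/2024:10:05:10 +0000] "POST /xmlrpc.php HTTP/1.1" 403 146 "-" "-"
198.51.100.20 - - [10/Mar/2024:10:05:11 +0000] "POST //xmlrpc.php HTTP/1.1" 403 146 "-" "-"
192.0.2.10 - - [10/Mar/2024:10:07:30 +0000] "POST /xmlrpc.php?for=jetpack HTTP/1.1" 200 220 "-" "-"
203.0.113.7 - - [10/Mar/2024:10:08:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "curl/8.0"
'''

# client IP, request method, request path and response status of one log line
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def xmlrpc_summary(log_text, allowlist=(), blocked_status="403"):
    """Summarise xmlrpc.php requests per client IP.

    blocked    - requests refused with blocked_status (assumed: 403)
    reached    - requests that got any other status, i.e. were served
    unexpected - 'reached' clients that are not on the allowlist
    """
    blocked, reached = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a parsable access-log line
        # Ignore the query string; the suffix match also covers //xmlrpc.php
        path = m["path"].split("?", 1)[0].lower()
        if not path.endswith("/xmlrpc.php"):
            continue
        bucket = blocked if m["status"] == blocked_status else reached
        bucket[m["ip"]] += 1
    unexpected = {ip: n for ip, n in reached.items() if ip not in allowlist}
    return {"blocked": dict(blocked), "reached": dict(reached),
            "unexpected": unexpected}

if __name__ == "__main__":
    # 192.0.2.10 stands in for an allowed service IP (constructed).
    print(xmlrpc_summary(SAMPLE_LOG, allowlist={"192.0.2.10"}))
```

Once the block is active, `unexpected` should stay empty for new log entries: only allowed IPs should still receive a non-403 answer from xmlrpc.php.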
