How to close xmlrpc.php

Methods to close xmlrpc.php: 1. Use the "rm -rf xmlrpc.php" command to delete xmlrpc.php; 2. Use the mv command to move the xmlrpc.php file; 3. Use the chmod command to disable xmlrpc. All permissions of php.

The operating environment of this article: linux5.9.8 system, WordPress5.4.2 version, DELL G3 computer

Because the WordPress website used has modified the backend The address seems to be relatively safe, so I haven’t paid much attention to the logs of illegal logins to the website.

Today, the monitoring cloud alarm reported that the memory was low. After investigation, it was found that the website was scanned/brute force cracked. The log showed that the illegal login status had refreshed hundreds of pages.

Disable WordPress’s xmlrpc.php file to avoid brute force cracking

Analysis

Since there is a login failure record, first try to use the IP to enter the system log for matching. Select an IP that has been recorded for matching and execute the grep command:

grep "68.66.216.53" access.log

Seeing the log confirmed that the other party used POST to access the file/xmlrpc.php

Further use the command to track the number of occurrences of the xmlrpc.php file, and execute the grep and wc commands

grep "xmlrpc.php" access.log | wc -l

It shows that as of tonight, it has been detected in batches 57090 times

The key to solving

is to block/disable xmlrpc.php. In order to prevent possible side effects, I first searched Baidu and collected some information:

• If the website program uses the pingback function, blocking xmlrpc.php will cause the function to be unusable

• Use a plug-in such as JetPack, and then delete xmlrpc. php will cause website exception

• Some components of the old version of WordPress depend on xmlrpc.php, and deleting it will cause some very strange problems

Currently, this site has nothing to do with the above three, so I can permanently solve this problem.

Use the rm -rf xmlrpc.php command to delete the xmlrpc.php file, but it is not recommended to delete it directly, because if something goes wrong, it will be troublesome without a backup.

Use the mv command to move this xmlrpc .php file (rename it as you like):

mv   xmlrpc.php    xmlrpc.php.sajdAo9ahnf$d9ha90hw9whw

Use the chmod command to disable all permissions of xmlrpc.php:

chmod   000   xmlrpc.php

The Apache server can set parameter jumps Transfer access:

<IfModule mod_alias.c> 
Redirect 301 /xmlrpc.php http://baidu.com 
</IfModule>

Nginx server can set parameters to prohibit access:

location ~* /xmlrpc.php { 
deny all; 
}

Recommended study: "WordPress Tutorial"

The above is the detailed content of How to close xmlrpc.php. For more information, please follow other related articles on the PHP Chinese website!