
Fix – WordPress XMLRPC Vulnerability


In a standard WordPress install, Pingbacks are enabled by default and are delivered over XML-RPC (the xmlrpc.php endpoint). Pingbacks let remote blogs notify your site when they link to your content. Attackers have found a way to abuse this feature and turn WordPress sites into reflectors for a Distributed Denial of Service (DDoS) attack against other websites and servers.

WordPress versions older than 3.8.2 can be abused in this way and used as part of a DDoS attack.

How to Protect your site against WordPress XMLRPC Vulnerability

If you aren't using the XMLRPC functionality on your website (Jetpack and the WordPress mobile apps are common users of it), the easiest way to protect the site against the WordPress XMLRPC Vulnerability is to prevent access to the xmlrpc.php file. This can be done by adding the following to the .htaccess file. Note that the Order/Deny/Allow directives are the Apache 2.2 access-control syntax; on Apache 2.4 they only work while mod_access_compat is loaded.

# XMLRPC Vulnerability protection
<Files xmlrpc.php>
    Order Deny,Allow
    Deny from all
</Files>

The above code will block all access to the xmlrpc.php file (requests receive a 403 response). If you are using XMLRPC functionality on your website, you can whitelist the remote blogs' IP addresses in the .htaccess file like below:

# XMLRPC Vulnerability protection
<Files xmlrpc.php>
    Order Deny,Allow
    Deny from all
    Allow from <IP ADDRESS 1>
    Allow from <IP ADDRESS 2>
</Files>
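To confirm the rule is doing its job and to see which sources are hammering xmlrpc.php, the Apache access log is the place to look. The script below is an added example, not part of the original post: it parses combined-format log lines (the sample lines are constructed), counts POST requests to xmlrpc.php per source IP split by response status, and flags IPs whose requests are still being served with 200 rather than denied with 403.

```python
import re
from collections import defaultdict

# Apache combined log format: ip ident user [time] "method path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample log lines (not from a real server). Note that the XML-RPC
# method name (e.g. pingback.ping) travels in the POST body, which the access
# log does not record, so the log only shows that xmlrpc.php was hit.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "POST /xmlrpc.php HTTP/1.1" 200 417 "-" "WordPress/4.9; http://example.org"
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "POST /xmlrpc.php HTTP/1.1" 200 417 "-" "WordPress/4.9; http://example.org"
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "WordPress/4.9; http://example.org"
198.51.100.23 - - [10/Oct/2023:13:55:38 +0000] "POST /xmlrpc.php HTTP/1.1" 200 417 "-" "WordPress/4.9; http://example.org"
192.0.2.44 - - [10/Oct/2023:13:55:39 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""


def xmlrpc_hits(log_text):
    """Count POST requests to xmlrpc.php per source IP, keyed by response status."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        # startswith() also catches requests with a query string appended
        if m.group("method") != "POST" or not m.group("path").startswith("/xmlrpc.php"):
            continue
        hits[m.group("ip")][m.group("status")] += 1
    return {ip: dict(statuses) for ip, statuses in hits.items()}


def noisy_sources(hits, threshold=2):
    """IPs whose xmlrpc.php POSTs were still served (HTTP 200) at least `threshold` times.

    After the Deny rule is in place, every entry here is either a source that
    slipped past the rule or an IP you deliberately whitelisted.
    """
    return sorted(ip for ip, st in hits.items() if st.get("200", 0) >= threshold)


if __name__ == "__main__":
    hits = xmlrpc_hits(SAMPLE_LOG)
    for ip, statuses in hits.items():
        print(ip, statuses)
    print("still served:", noisy_sources(hits))
```

Run it against your real log with `xmlrpc_hits(open("/var/log/apache2/access.log").read())`; once the block is active, the 200 counts should stop growing and only whitelisted IPs should appear in `noisy_sources`.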

That’s it!

If you like this post and wish to receive more articles from us, please like our FB page: Grepitout

Your suggestions and feedback encourage us and help us improve further; please feel free to leave your comments.

For more details on our services, please drop us an E-mail at info@grepitout.com
