A bunch of compromised VPSs are attacking my server

Hello!
I recently noticed that my WordPress server was receiving a lot of attention on /xmlrpc.php. I blocked all access to that URI, though there are still VPSs trying to access it. How can I mass report them? I tried emailing each VPS provider about this, but by the time that I send a support ticket, 2 more VPSs appear.

Note: I have the situation under control, though I wanna help out VPS providers.

Best regards,
David.

Within the WordPress universe, it’s kind of normal and expected that you’d get lots of requests for this path. It was created to allow blogs to ping and embed each other, but has since turned into a spam opportunity. Unless you have specifically disabled it, your website may be advertising its availability to the world (it does in a standard WP installation).

It would be very hard — and tbh a waste of your time — for you to filter out legit, non-malicious /xmlrpc.php requests from the spamming or otherwise malicious ones.

If you search online for wordpress xmlrpc.php you’ll find many blogs that detail what it is, and how to disable it from your installation.

1 Like

Even disabling XML-RPC will not stop automated bots from trying to access the URL, as there are a million ways to identify a WordPress site.

@rakyxmc: If you’ve blocked the URL (especially at Cloudflare’s external WAF far away from the origin server), then you should not give any thought to such requests at all.

There’s absolutely NOTHING you can do to prevent bots from trying to access any URL on your site… but as far as you have adequate security in place to block such access requests from even reaching your origin, there should be nothing to worry about.

3 Likes

Good point! I wasn’t trying to imply otherwise. But if OP’s intention was to report requests to the /xmlrpc.php path, it wouldn’t make sense to report requests that could conceivably have been “invited”, so to speak, by the advertising of the service. A standard WP installation, depending on its settings, will send headers like:

X-Pingback: https://example.com/xmlrpc.php

Disabling XML-RPC or somehow removing these headers is a good first step towards reducing those requests coming from legit bots.

Right. And of course malicious bots will request that path even to non-WP sites.

2 Likes
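Added example, not posted by anyone in this thread: one way to check from an origin access log that /xmlrpc.php requests are really being refused, and to collect per-IP counts and timestamps of the kind an abuse report needs. It assumes combined log format and a block rule that answers 403; the log lines are constructed and use documentation IP ranges.

```python
import re
from collections import defaultdict

# Constructed sample lines in combined log format (documentation IP ranges).
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2024:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 403 162 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Mar/2024:10:00:03 +0000] "POST /xmlrpc.php HTTP/1.1" 403 162 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2024:10:01:15 +0000] "POST /xmlrpc.php?rsd HTTP/1.1" 200 413 "-" "curl/8.0"
203.0.113.5 - - [12/Mar/2024:10:02:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2024:10:04:40 +0000] "GET /xmlrpc.php HTTP/1.1" 403 162 "-" "curl/8.0"
not a log line
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
BLOCKED = {403}  # assumption: the block rule answers 403


def is_xmlrpc(target):
    """Compare the path only, so a query string does not hide the request."""
    return target.split("?", 1)[0] == "/xmlrpc.php"


def summarize(log_text):
    """Per-IP summary of /xmlrpc.php hits: count, first/last seen, unblocked hits."""
    report = defaultdict(
        lambda: {"count": 0, "first": None, "last": None, "unblocked": 0}
    )
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not is_xmlrpc(m["target"]):
            continue  # skip malformed lines and unrelated paths
        entry = report[m["ip"]]
        entry["count"] += 1
        entry["first"] = entry["first"] or m["ts"]
        entry["last"] = m["ts"]
        if int(m["status"]) not in BLOCKED:
            entry["unblocked"] += 1  # this request was served, not refused
    return dict(report)


if __name__ == "__main__":
    for ip, e in summarize(SAMPLE_LOG).items():
        flag = "REACHED ORIGIN" if e["unblocked"] else "blocked"
        print(f'{ip} hits={e["count"]} {e["first"]} .. {e["last"]} {flag}')
```

If the block sits at an external WAF, any /xmlrpc.php line in the origin log at all means a request got past it.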
