Best setting to block XMLRPC.php

I know I can use this to block unwanted access is there any easy way to set this up, Or maybe allow certain applications ONLY? So if I have an Elementor plugin for WordPress I can just put the name in the Cloudflare page firewall rule instead of the IP address…?

Other rules I can set is

(http.request.uri.path eq “/xmlrpc.php”) and not cf.client.bot

This rule above will block all requests to xmlrpc.php that are not coming from verified bots. I can choose “Block” or “Challenge”

Are there any other good rules?

This is the best way to block the access. If you have plugins that run on the server itself, then you can add the IP address of the server to the allow list.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.