Need help? Call us on 1300 789 260

WordPress XMLRPC Vulnerability

Difficulty: Intermediate


A part of the standard WordPress package, Pingbacks allow remote blogs to notify your site when they have linked to your content. Unfortunately, hackers have found a way to exploit this in order to cause a Distributed Denial of Service (DDOS) attack against other websites and servers. If you're a version of running WordPress older than 3.8.2 , it means that your website could potentially be used in a DDOS attack.

Conetix highly recommends that you ensure your WordPress installation is kept up-to-date. This vulnerability has been fixed for WordPress versions 3.8.2 and above.

Preventing Access

  1. To prevent access to the xmlrpc.php file, the easiest way is to edit your .htaccess. You can do this via the Plesk File Manager or edit locally and FTP the file back to the server. Add the following:
    # XMLRPC Pingback DDOS Prevention
    <Files xmlrpc.php>
    	Order Deny,Allow
    	Deny from all
  2. This will block all access to the XML-RPC for WordPress as soon as the file is saved.

Further Reading

Was this article helpful? Yes No

Having trouble? We’re here to help!

We’ve built our company with a serious focus on quality service. Feel free to give us a call!

1300 789 260