Protection WordPress xmlrpc.php


By default you are in PROXY mode with the profile 'YOORshop defaut'. This is good to know in case you need to revert the configuration later. Choose what you want to do from the options below:

We already protect all native WordPress sites on the server by default!

However, if you need to use xmlrpc.php:

1. Change your nginx profile: in cPanel, go to the 'Nginx' section and click 'Nginx-Manager'.

First choose your domain and click 'Configure'.
You are now in 'Application server'; leave 'PROXY' selected and click 'Submit'.
Leave httpd as it is, and find the dropdown list below the text "Select Application template".
In this case choose the template 'YOORshop xmlrpc', and click 'Submit'.


2. Manage allowed IPs, if not using Jetpack: add this to your .htaccess to restrict access to specific IPs and protect this file from attacks. Here is an example with the IP of our VPN:

<Files "xmlrpc.php">
order deny,allow
deny from all
allow from 87.98.172.169
</Files>

To test, access your website at the URL /xmlrpc.php from an IP that is not allowed; you must see a 403 Forbidden.
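
To keep checking the restriction after the first manual test, the added example below (not YOORshop's code) scans access-log lines and reports every xmlrpc.php request from a non-allowed IP that was answered with anything other than 403. The log lines are constructed samples in Apache combined log format (an assumption about your log format), and the allow-list reuses the IP from the .htaccess example.

```python
import ipaddress
import re

# Allow-list mirroring the "allow from" line in the .htaccess example.
ALLOWED = [ipaddress.ip_network("87.98.172.169/32")]

# Combined log format: client IP, request method and path, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (not real traffic).
SAMPLE_LOG = """\
87.98.172.169 - - [10/Mar/2024:10:00:01 +0100] "POST /xmlrpc.php HTTP/1.1" 200 412 "-" "WordPress/6.4"
203.0.113.7 - - [10/Mar/2024:10:00:02 +0100] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Mar/2024:10:00:03 +0100] "POST //xmlrpc.php?x=1 HTTP/1.1" 200 674 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:10:00:04 +0100] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Mar/2024:10:00:05 +0100] "GET /blog/xmlrpc.php HTTP/1.1" 405 42 "-" "curl/8.0"
"""


def is_allowed(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ALLOWED)


def targets_xmlrpc(path):
    # Drop the query string and compare the last path segment, so
    # "//xmlrpc.php?x=1" and "/blog/xmlrpc.php" are both caught.
    return path.split("?", 1)[0].rstrip("/").rsplit("/", 1)[-1].lower() == "xmlrpc.php"


def audit(log_text):
    """Return (ip, status, path) for xmlrpc.php hits that were not blocked."""
    leaks = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not targets_xmlrpc(m["path"]):
            continue
        if not is_allowed(m["ip"]) and m["status"] != "403":
            leaks.append((m["ip"], int(m["status"]), m["path"]))
    return leaks


if __name__ == "__main__":
    for ip, status, path in audit(SAMPLE_LOG):
        print(f"NOT BLOCKED: {ip} got {status} for {path}")
```

An empty result means every request from outside the allow-list was refused; any reported line means the .htaccess rule does not cover that path or is not being applied.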

 

3. Manage allowed IPs with Jetpack (do not use point 2 at the same time): you will have to install this plugin, which will automatically manage their IPs to allow:

Stop XML-RPC Attack
https://wordpress.org/plugins/stop-xmlrpc-attack/
