WordPress XMLRPC attacks – How to prevent

Wordpress XMLRPC

What is WordPress XML-RPC?

RPC stands for Remote Procedure Call. WordPress XML-RPC is a protocol that allows remote systems to communicate with WordPress; requests and responses are encoded in XML.

With WordPress XMLRPC support, you can post to your WordPress blog using many popular Weblog Clients.

XML-RPC functionality is turned on by default since WordPress 3.5.

Brute Force Attack through WordPress XML-RPC

Attackers use the system.multicall method of XML-RPC to bundle hundreds of method calls into a single HTTP request, most commonly to guess usernames and passwords for the system. This is known as a Brute Force Amplification Attack via WordPress XML-RPC.

How to prevent XML-RPC attacks

  1. The most recommended way is to disable XML-RPC completely. To do so, add the following to your Apache configuration file.
  2. Some WordPress plugins, e.g. Jetpack, depend on XML-RPC, so in that case XML-RPC cannot be disabled entirely. Instead, block system.multicall requests at your firewall.
  3. Check server logs regularly for IPs trying to access XML-RPC. Any suspicious IP can be blocked through your firewall or iptables. Here are some sample logs
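As an added example of the log check in the last item above (not code from the original post), the script below parses Apache combined-format access log lines, collects POSTs to xmlrpc.php per client IP, flags addresses that exceed a threshold inside a sliding time window, and renders iptables DROP rules for review. The sample log lines (RFC 5737 documentation addresses), the threshold of 3 and the 60-second window are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache "combined" access-log format; only the fields needed here are captured.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" \d{3}')

# Constructed sample lines (RFC 5737 documentation addresses), not real server logs.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "POST /xmlrpc.php HTTP/1.1" 200 411 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "POST /xmlrpc.php HTTP/1.1" 200 411 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "POST /xmlrpc.php HTTP/1.1" 200 411 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "POST /xmlrpc.php HTTP/1.1" 200 411 "-" "Mozilla/5.0"
198.51.100.22 - - [10/Oct/2023:13:56:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 411 "-" "Jetpack"
192.0.2.5 - - [10/Oct/2023:13:56:10 +0000] "GET /wp-login.php HTTP/1.1" 200 2153 "-" "Mozilla/5.0"
garbage line that does not match the format
"""

def xmlrpc_posts_by_ip(log_text):
    """Collect timestamps of POST requests to xmlrpc.php, keyed by client IP."""
    posts = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        if m.group("method") == "POST" and m.group("path").split("?", 1)[0].endswith("/xmlrpc.php"):
            posts[m.group("ip")].append(datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z"))
    return posts

def suspicious_ips(log_text, threshold=3, window_seconds=60):
    """IPs with at least `threshold` xmlrpc.php POSTs inside any `window_seconds` span."""
    flagged = []
    for ip, stamps in xmlrpc_posts_by_ip(log_text).items():
        stamps.sort()
        start = 0
        for end, t in enumerate(stamps):  # sliding window over sorted timestamps
            while (t - stamps[start]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                flagged.append(ip)
                break
    return sorted(flagged)

def iptables_drop_rules(ips):
    """Render one DROP rule per flagged IP, for review before applying."""
    return [f"iptables -A INPUT -s {ip} -j DROP" for ip in ips]

if __name__ == "__main__":
    print("\n".join(iptables_drop_rules(suspicious_ips(SAMPLE_LOG))))
```

The single Jetpack request stays below the threshold, so legitimate plugin traffic is not flagged while the burst from one address is.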