Protect Your WordPress Sites Against A New XML-RPC Threat

A couple of weeks ago, we launched a new feature in iThemes Security. This new feature blocks attacks that attempt to exploit XML-RPC to perform hundreds of username and password guesses with each request. You can find details about this type of attack in this post by Sucuri. Some new tools are now available which automate XML-RPC attacks.

Avatar photo
SolidWP Editorial Team
A couple of weeks ago, we launched a new feature in iThemes Security. This new feature blocks attacks that attempt to exploit XML-RPC to perform hundreds of username and password guesses with each request. You can find details about this type of attack in this post by Sucuri.
Some new tools are now available which automate XML-RPC attacks. This means that these attacks are likely to become much more common. Now is the time to make sure that your sites are protected against this type of attack.

How to Protect Your WordPress Sites Against XML-RPC Threats

Do the following to ensure that your WordPress sites are protected:
  1. Ensure that your site is running the latest version of iThemes Security (version 5.1.0) or iThemes Security Pro (version 2.0.1).
  2. Go to Security > Settings.
  3. Scroll to the WordPress Tweaks section.
  4. Change the “Multiple Authentication Attempts per XML-RPC Request” setting to “Block“.
  5. If your site does not use the Jetpack plugin, the WordPress mobile app, or a service that requires XML-RPC, change the “XML-RPC” setting to “Disable XML-RPC“.
  6. Click the “Save All Changes” button.

Get iThemes Security Pro

Did you like this article? Spread the word: