Protect Your WordPress Sites Against A New XML-RPC Threat
A couple of weeks ago, we launched a new feature in iThemes Security. This new feature blocks attacks that attempt to exploit XML-RPC to perform hundreds of username and password guesses with each request. You can find details about this type of attack in this post by Sucuri. Some new tools are now available which automate XML-RPC attacks.
A couple of weeks ago, we launched a new feature in iThemes Security. This new feature blocks attacks that attempt to exploit XML-RPC to perform hundreds of username and password guesses with each request. You can find details about this type of attack in this post by Sucuri.
Some new tools are now available which automate XML-RPC attacks. This means that these attacks are likely to become much more common. Now is the time to make sure that your sites are protected against this type of attack.
How to Protect Your WordPress Sites Against XML-RPC Threats
Do the following to ensure that your WordPress sites are protected:- Ensure that your site is running the latest version of iThemes Security (version 5.1.0) or iThemes Security Pro (version 2.0.1).
- Go to Security > Settings.
- Scroll to the WordPress Tweaks section.
- Change the “Multiple Authentication Attempts per XML-RPC Request” setting to “Block“.
- If your site does not use the Jetpack plugin, the WordPress mobile app, or a service that requires XML-RPC, change the “XML-RPC” setting to “Disable XML-RPC“.
- Click the “Save All Changes” button.
Get iThemes Security Pro
Sign up now — Get SolidWP updates and valuable content straight to your inbox
Sign up
Placeholder text
Placeholder text
Get started with confidence — risk free, guaranteed