Stopping the WordPress XML-RPC Hack

This presentation, originally given at the WordPress Orlando Meetup on April 8th, 2014, is a basic tutorial on how to stop the XML-RPC hack in WordPress using just a few lines of code.

Published in: Internet, Technology
Transcript

  • 1. Stopping the XML-RPC Hack: Simple Solutions for a Serious Problem
  • 2. Adam Soucie
      • Highforge
      • Web Developer
      • Content writer
  • 3. What is XML-RPC?
      • Allows WordPress to post on your behalf
      • Allows access to WordPress clients
      • Allows for pingbacks and trackbacks
  • 4. Why is it dangerous?
      • Hijacks your website without your knowledge
      • Uses your site for a DDoS attack
      • Potentially gets your domain labelled as a spammer
  • 5. How do you stop it?
      • Add a filter to functions.php
      • Prevent access to xmlrpc.php using .htaccess
      • Use a plugin
  • 6. Method 1: functions.php
      • Completely disables xmlrpc.php
      • Uses a filter
      • One line of code
      • Alternative for Jetpack users is 5 lines
  • 7. Completely disable XML-RPC…

        // Add to the active theme's functions.php
        add_filter( 'xmlrpc_enabled', '__return_false' );

  • 8. …or just block Pingbacks

        // Remove only pingback.ping from the list of XML-RPC methods
        add_filter( 'xmlrpc_methods', 'remove_xmlrpc_pingback_ping' );
        function remove_xmlrpc_pingback_ping( $methods ) {
            unset( $methods['pingback.ping'] );
            return $methods;
        }

  • 9. Method 2: .htaccess
      • One command
      • Blocks access at the server level for extra security
      • Can also whitelist IPs to allow limited access
  • 10. To block all access…

        # Deny every request for xmlrpc.php
        <Files xmlrpc.php>
        Order Deny,Allow
        Deny from all
        </Files>

  • 11. …or to Whitelist IPs

        # Deny by default, then allow the listed address (placeholder on the slide)
        <Files xmlrpc.php>
        Order Deny,Allow
        Deny from all
        Allow from 987.654.321
        </Files>

  • 12. Method 3: Use a plugin
      • Mimics the functions.php method
      • Perfect for non-coders
      • Disable XML-RPC is the most common one
  • 13. Any questions?
  • 14. More info: www.adamsoucie.com, www.highforge.com. Illustrations by: Tina Fiume
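
A way to confirm which of the mitigations above is in effect on your own site, as an added example that is not part of the original slides: POST `PROBE` to your site's `/xmlrpc.php` and pass the HTTP status and body to `classify()`. WordPress documents the `xmlrpc_enabled` filter as controlling only methods that require authentication, so the check looks for `pingback.ping` in the `system.listMethods` reply rather than for a fault. The function name, result labels and sample responses are constructed for illustration.

```python
import xmlrpc.client

# Body to POST to your own site's /xmlrpc.php with Content-Type: text/xml.
PROBE = xmlrpc.client.dumps((), methodname="system.listMethods")


def classify(status, body):
    """Map an HTTP status and response body to the mitigation state it shows."""
    if status in (401, 403, 404):
        return "blocked-at-server"  # Method 2: the request never reaches PHP
    if status != 200:
        return "unknown"
    try:
        (methods,), _ = xmlrpc.client.loads(body)
    except xmlrpc.client.Fault as fault:
        return f"fault-{fault.faultCode}"
    except Exception:
        return "unknown"  # empty, HTML, or otherwise not an XML-RPC response
    if not isinstance(methods, list):
        return "unknown"
    if "pingback.ping" in methods:
        return "pingback-exposed"
    return "pingback-removed"  # the xmlrpc_methods filter from slide 8 is active


def _response(methods):
    """Build a constructed system.listMethods reply for the samples below."""
    return xmlrpc.client.dumps((methods,), methodresponse=True)


# Constructed sample responses (not captured from a real site).
SAMPLES = {
    "default install": (200, _response(["system.listMethods", "pingback.ping", "wp.getPost"])),
    "slide 8 filter": (200, _response(["system.listMethods", "wp.getPost"])),
    "slide 10 .htaccess": (403, "<html><body>Forbidden</body></html>"),
    "empty reply": (200, ""),
}

if __name__ == "__main__":
    for name, (status, body) in SAMPLES.items():
        print(f"{name:20} -> {classify(status, body)}")
```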
