Hacker continuously try to hack WordPress websites. They know once they have administrative access to your WordPress, they can hide files deep beneath the root and start sending phishing scams there to conduct real crime.
Here are some ways to mitigate login attacks on WordPress servers:
- Use Wordfence and make sure it’s monitored and actioned on
- Use a secure password that is not re-used anywhere
- Use 2FA authentication
- Hide the login page
- Disable access to
xmlrpc.php
This article is about the last option, namely hiding access to xmlrpc.php.
If you are hosting your website with Vander Host, you’re in a good position because our security software already has the functionality to quickly block access to xmlrpc.php. Here is a screenshot:
The further benefit one gets from restricting access to xmlrpc.php is that load on the server will go down and all websites will load faster.
Question
Will something break it I block
xmlrpc.phpon my WordPress?
Unfortunately some plugins use xmlrpc.php for it’s built-in functionality. Our suggestion is to turn access to xmlrpc.php off, or consult the manual of your plugin. If it’s still needed, you’ll have to turn it back on again.
Contact Vander Host should you require more information on how to create excellent security for your WordPress website.
