Question Xmlrpc attack problem

[kea]

Hi,

I have a problem with an xmlrpc attack on WordPress websites on the server.

I tried to use Fail2ban like in this tutorial:

Using Fail2ban on wordpress wp-login.php and xmlrpc.php – RimuHosting Blog

blog.rimuhosting.com

The problem is that it also bans real users who want to log into WordPress using the Wordpress application for a PC or Smartphone.

How to deal with this?

 

[Bitpalast]

I can confirm that the Wordpress app will cause users to be blocked by Fail2Ban. That is mainly for the very high frequency that this app connects to the site and transmits more or less "empty" POSTs to it or repeatedly requests the same files from the Wordpress installation. It is more an issue of the app than an issue of the jail. The app has no reason to continuously communicate with the server and creates a lot of unnecessary load. It's been that way for years.

To disable xmlrpc.php for good in Wordpress, insert these lines into the .htaccess file in the Wordpress directory:
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>

Also, look at the "Security" button of the Wordpress Toolkit in Plesk. You can also disable XMLRPC in there.

 

[Configbox Internet SLC]

Hello

As @Peter Debik correctly explains, you can control this with .htaccess (deny/allow all or deny/allow only for ips).
If you don't want to do it manually or want a more general blocking per country, you can use our plugin: Deny-country Extension, it also allows limiting the attack on wp- login.php (something common Unfortunately, in our case for example, it's easy to limit access to spain the wp-login and unlock it for client that need access to other countries)