wordpress POST xmlrpc.php WTF ?

WordPress is widespread because it is such a good blogging platform, CMS, DMS and you-name-it. Unfortunately it means that it becomes the target of many spam and DoS attacks.

The one that is steaming right now it the one that fills your logs with this:
93.174.93.204 wp.libpf.com - [04/Sep/2014:07:33:30 +0000] "POST /xmlrpc.php HTTP/1.0" 403 345 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
212.79.108.47 wp.libpf.com - [04/Sep/2014:07:34:02 +0000] "POST /xmlrpc.php HTTP/1.1" 403 345 "-" "-"
...

To block it, add this to your lighttpd.conf:
url.access-deny = ( "~", ".inc", "xmlrpc.php" )

and restart it:
service lighttpd restart

About paolog

homo technologicus cynicus
This entry was posted in Uncategorized. Bookmark the permalink.

One Response to wordpress POST xmlrpc.php WTF ?

  1. paolog says:

    This is still going on so it might be of interest how to stop it on nginx:

    list all affected sites on your vhost:
    grep -l wordpress /etc/nginx/sites-enabled/*

    edit all those configurations adding this in the server { } clause:
    location = /xmlrpc.php {
    deny all;
    access_log off; #to prevent from filling up the access log file
    error_log off; #to prevent from filling up the error log file
    }

    test that your changes are fine with nginx:
    nginx -t

    restart the nginx service:
    systemctl restart nginx
    location = /xmlrpc.php {
    deny all;
    }

Leave a Reply

Your email address will not be published. Required fields are marked *