Related

Wordpress error: Cannot write style-custom.css file Question Question
How to manage Wordpress Files through SFTP? Question Question

Question

Enabling block-xmlrpc

Posted May 23, 2020 442 views
WordPress

I sometimes get “error establishing a database connection” with one of my wordpress sites.

After typing this: “grep xmlrpc /var/log/apache2/access.log” I got a similar output showing a XML-RPC attack and enabled block-xmlrpc.

My question is that is there any issue with enabling block-xmlrpc? Should I enable it on my other wordpress site as well?

Add a comment
rem3n
By:
rem3n
Add a comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
1 answer
bobbyiliev May 23, 2020

Hi there @rem3n,

The XMLRPC is used to allow remote updates to WordPress from other applications. If you are not using this functionality you can disable it I believe.

For example, you could add the following to your .htaccess file to prevent all access to that file:

# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
  order deny,allow
  deny from all
</Files>
# END protect xmlrpc.php

Hope that this helps!
Regards,
Bobby

Reply Report
  • rem3n May 23, 2020

    Thanks, I already run this: sudo a2enconf block-xmlrpc
    Do I also need to add this to .htaccess ?

    Reply Report
    • bobbyiliev May 23, 2020

      Hi there @rem3n,

      Yes indeed enabling the Apache module should be enough, you can also check your Apache access log to verify if the requests are being blocked. To do that just run this command here:

      • sudo grep 'xmlrpc' /var/log/apache2/access.log | tail -30

      This would output the last 30 lines of your Apache access log containing the xmlrpc keyword.

      Regards,
      Bobby

      Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help