Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
Wordpress error: Cannot write style-custom.css file Question Question
How to manage Wordpress Files through SFTP? Question Question

Question

Enabling block-xmlrpc

Posted May 23, 2020 1.3k views
WordPress

I sometimes get “error establishing a database connection” with one of my wordpress sites.

After typing this: “grep xmlrpc /var/log/apache2/access.log” I got a similar output showing a XML-RPC attack and enabled block-xmlrpc.

My question is that is there any issue with enabling block-xmlrpc? Should I enable it on my other wordpress site as well?

Add a comment
rem3n
By:
rem3n

Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
Wordpress error: Cannot write style-custom.css file Question Question
How to manage Wordpress Files through SFTP? Question Question

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
1 answer
bobbyiliev May 23, 2020

Hi there @rem3n,

The XMLRPC is used to allow remote updates to WordPress from other applications. If you are not using this functionality you can disable it I believe.

For example, you could add the following to your .htaccess file to prevent all access to that file:

# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
  order deny,allow
  deny from all
</Files>
# END protect xmlrpc.php

Hope that this helps!
Regards,
Bobby

Reply Report
  • rem3n May 23, 2020

    Thanks, I already run this: sudo a2enconf block-xmlrpc
    Do I also need to add this to .htaccess ?

    Reply Report
    • bobbyiliev May 23, 2020

      Hi there @rem3n,

      Yes indeed enabling the Apache module should be enough, you can also check your Apache access log to verify if the requests are being blocked. To do that just run this command here:

      • sudo grep 'xmlrpc' /var/log/apache2/access.log | tail -30

      This would output the last 30 lines of your Apache access log containing the xmlrpc keyword.

      Regards,
      Bobby

      Reply Report

Related

Looking for something else?

Ask a new question Search for more help