{"id":27376,"date":"2018-07-03T04:28:22","date_gmt":"2018-07-03T09:28:22","guid":{"rendered":"https:\/\/www.rosehosting.com\/blog\/?p=27376"},"modified":"2023-04-05T04:10:43","modified_gmt":"2023-04-05T09:10:43","slug":"what-is-wordpress-xml-rpc-and-how-to-stop-an-attack","status":"publish","type":"post","link":"https:\/\/www.rosehosting.com\/blog\/what-is-wordpress-xml-rpc-and-how-to-stop-an-attack\/","title":{"rendered":"What Is WordPress XML-RPC and How to Stop an Attack"},"content":{"rendered":"<div id=\"bsf_rt_marker\"><\/div><p><img decoding=\"async\" class=\"alignnone size-full wp-image-27384\" src=\"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2018\/07\/What-Is-WordPress-XML-RPC-and-How-to-Stop-an-Attack.jpg\" alt=\"What Is WordPress XML-RPC and How to Stop an Attack\" width=\"742\" height=\"371\" srcset=\"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2018\/07\/What-Is-WordPress-XML-RPC-and-How-to-Stop-an-Attack.jpg 742w, https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2018\/07\/What-Is-WordPress-XML-RPC-and-How-to-Stop-an-Attack-150x75.jpg 150w, https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2018\/07\/What-Is-WordPress-XML-RPC-and-How-to-Stop-an-Attack-300x150.jpg 300w\" sizes=\"(max-width: 742px) 100vw, 742px\" \/><\/p>\r\n<p>&nbsp;<\/p>\r\n\r\n<div class=\"wp-block-image\">\r\n<figure class=\"alignright size-large\"><img decoding=\"async\" width=\"120\" height=\"120\" class=\"wp-image-35659\" src=\"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2018\/07\/xml-rpc-server-accepts-post-requests-only.jpg\" alt=\"xml-rpc server accepts post requests only\" \/><\/figure>\r\n<\/div>\r\n\r\n\r\n\r\n<p>XML-RPC is a\u00a0remote procedure call protocol that allows anyone to interact with your WordPress website remotely. In other words, it&#8217;s a way to manage your site without having to log in manually via the standard &#8220;wp-login.php&#8221; page. It&#8217;s widely used by plugins, most famously by Automattic&#8217;s own Jetpack plugin. These days, however, the word &#8220;XML-RPC&#8221; has gotten a bad name. In this tutorial, we will explain what is WordPress XML-RPC and how to stop an XML-RPC attack on your WordPress website.\u00a0<\/p>\r\n\r\n\r\n\r\n<p><!--more--><\/p>\r\n\r\n\r\n\r\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_82_2 counter-hierarchy ez-toc-counter ez-toc-transparent ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-69eb8e9ff3248\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"ez-toc-cssicon\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-69eb8e9ff3248\"  aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.rosehosting.com\/blog\/what-is-wordpress-xml-rpc-and-how-to-stop-an-attack\/#Is-XML-RPC-Enabled-on-Your-WordPress-Website\" >Is XML-RPC Enabled on Your WordPress Website?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.rosehosting.com\/blog\/what-is-wordpress-xml-rpc-and-how-to-stop-an-attack\/#The-Dangers-and-Benefits-of-XML-RPC\" >The Dangers and Benefits of XML-RPC<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.rosehosting.com\/blog\/what-is-wordpress-xml-rpc-and-how-to-stop-an-attack\/#Method-1-Disable-Pingbacks\" >Method 1: Disable Pingbacks<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.rosehosting.com\/blog\/what-is-wordpress-xml-rpc-and-how-to-stop-an-attack\/#Method-2-Prevent-All-Authentication-Requests-via-XML-RPC\" >Method 2: Prevent All Authentication Requests via XML-RPC<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.rosehosting.com\/blog\/what-is-wordpress-xml-rpc-and-how-to-stop-an-attack\/#Method-3-Disable-Access-to-xmlrpcphp\" >Method 3: Disable Access to xmlrpc.php<\/a><\/li><\/ul><\/nav><\/div>\n<h2 id=\"h-is-xml-rpc-enabled-on-your-wordpress-website\" class=\"western wp-block-heading\"><span class=\"ez-toc-section\" id=\"Is-XML-RPC-Enabled-on-Your-WordPress-Website\"><\/span>Is XML-RPC Enabled on Your WordPress Website?<span class=\"ez-toc-section-end\"><\/span><\/h2>\r\n\r\n\r\n\r\n<p>A quick way to check if your site is vulnerable is to visit the following URL from a browser:<\/p>\r\n\r\n\r\n\r\n<pre class=\"wp-block-preformatted\"><i>yoursite.com\/xmlrpc.php<\/i><\/pre>\r\n\r\n\r\n\r\n<p>If it&#8217;s enabled, you should get a response that says &#8220;XML-RPC server accepts POST requests only.&#8221; Like this:<\/p>\r\n\r\n\r\n\r\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"661\" height=\"153\" class=\"wp-image-35661\" src=\"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2018\/07\/xmlrpc.jpg\" alt=\"xmlrpc\" srcset=\"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2018\/07\/xmlrpc.jpg 661w, https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2018\/07\/xmlrpc-300x69.jpg 300w, https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2018\/07\/xmlrpc-150x35.jpg 150w\" sizes=\"(max-width: 661px) 100vw, 661px\" \/><\/figure>\r\n\r\n\r\n\r\n<h2 id=\"h-the-dangers-and-benefits-of-xml-rpc\" class=\"western wp-block-heading\"><span class=\"ez-toc-section\" id=\"The-Dangers-and-Benefits-of-XML-RPC\"><\/span>The Dangers and Benefits of XML-RPC<span class=\"ez-toc-section-end\"><\/span><\/h2>\r\n\r\n\r\n\r\n<p>There&#8217;s been a lot of back and forth in the WordPress security community about XML-RPC. There are mostly two concerns:<\/p>\r\n\r\n\r\n\r\n<ol class=\"wp-block-list\">\r\n<li>XML-RPC can be used to DDoS a site<\/li>\r\n<li>It can be used to repeatedly try username\/password combinations<\/li>\r\n<\/ol>\r\n\r\n\r\n\r\n<p>At least, these <i>were<\/i> possible. WordPress has since plugged loopholes that allowed people to try hundreds of usernames and passwords at once. Since version 4.4, it&#8217;s been quite improved. Now WordPress will silently fail all subsequent login attempts as soon as a single XML-RPC call has failed. Great!<\/p>\r\n\r\n\r\n\r\n<p>However, there are those who are still concerned about the ease by while remote procedure calls like this can be made. So here are a few ways to secure your site against XML-RPC &#8211; starting from the lightest touch to the heaviest.<\/p>\r\n\r\n\r\n\r\n<h2 id=\"h-method-1-disable-pingbacks\" class=\"western wp-block-heading\"><span class=\"ez-toc-section\" id=\"Method-1-Disable-Pingbacks\"><\/span>Method 1: Disable Pingbacks<span class=\"ez-toc-section-end\"><\/span><\/h2>\r\n\r\n\r\n\r\n<p>This is a process that uses your server as an unwitting participant in an attack against another server. Basically, someone tells your site &#8220;Hey, this URL linked to your blog!&#8221; And then your site responds with a &#8220;pingback&#8221; to that URL. Except that there&#8217;s no verification that the URL actually <i>did<\/i> link back to you.\u00a0Do this with hundreds of vulnerable WordPress sites, and you have a DDoS attack on your hands! The easiest way to prevent your site from being used in this manner is to add the following code to your theme&#8217;s functions.php:<\/p>\r\n\r\n\r\n\r\n<pre class=\"wp-block-preformatted\">function stop_pings ($vectors) {\r\nunset( $vectors['pingback.ping'] );\r\nreturn $vectors;\r\n}\r\nadd_filter( 'xmlrpc_methods', 'stop_pings');<\/pre>\r\n\r\n\r\n\r\n<h2 id=\"h-method-2-prevent-all-authentication-requests-via-xml-rpc\" class=\"western wp-block-heading\"><span class=\"ez-toc-section\" id=\"Method-2-Prevent-All-Authentication-Requests-via-XML-RPC\"><\/span>Method 2: Prevent All Authentication Requests via XML-RPC<span class=\"ez-toc-section-end\"><\/span><\/h2>\r\n\r\n\r\n\r\n<p>This second method determines whether you want to allow XML-RPC methods that authenticate users. Take for example, publishing a blog via e-mail. The site will receive your e-mail, authenticate you via XML-RPC, and then publish it if the credentials match.<\/p>\r\n\r\n\r\n\r\n<p>A lot of people are uncomfortable with the ability of XML-RPC to just take in random calls like this. It&#8217;s what led to hundreds or thousands of authentication attempts in the first place. Even though WordPress has since addressed this particular form of hacking, there are those who recommend simply turning it off.<\/p>\r\n\r\n\r\n\r\n<p>To do that, enter this code in functions.php:<\/p>\r\n\r\n\r\n\r\n<pre class=\"wp-block-preformatted\">add_filter('xmlrpc_enabled','__return_false');<\/pre>\r\n\r\n\r\n\r\n<p>It&#8217;s important to note that this is <i>not<\/i> the same as the first method. This code <i>only<\/i> disables authentication methods and leaves all others untouched &#8211; like pingbacks for example.<\/p>\r\n\r\n\r\n\r\n<h2 id=\"h-method-3-disable-access-to-xmlrpc-php\" class=\"western wp-block-heading\"><span class=\"ez-toc-section\" id=\"Method-3-Disable-Access-to-xmlrpcphp\"><\/span>Method 3: Disable Access to xmlrpc.php<span class=\"ez-toc-section-end\"><\/span><\/h2>\r\n\r\n\r\n\r\n<p>This is the most extreme method that completely disables all XML-RPC functionality. It requires you to edit the .htaccess file at the root of your WordPress directory. Add the following code to the top:<\/p>\r\n\r\n\r\n\r\n<pre class=\"wp-block-preformatted\">&lt;files xmlrpc.php&gt;\r\nOrder allow,deny\r\nDeny from all\r\n&lt;\/files&gt;<\/pre>\r\n\r\n\r\n\r\n<p>Note: If you find your <a href=\"https:\/\/www.rosehosting.com\/blog\/how-to-install-wordpress-on-almalinux-8\/\">WordPress installation<\/a> doesn&#8217;t have a .htaccess file at its root folder, simply create one with the following default code.<\/p>\r\n\r\n\r\n\r\n<pre class=\"wp-block-preformatted\"># BEGIN WordPress\r\n&lt;IfModule mod_rewrite.c&gt;\r\nRewriteEngine On\r\nRewriteBase \/\r\nRewriteRule ^index\\.php$ - [L]\r\nRewriteCond %{REQUEST_FILENAME} !-f\r\nRewriteCond %{REQUEST_FILENAME} !-d\r\nRewriteRule . \/index.php [L]\r\n&lt;\/IfModule&gt;\r\n# END WordPress\r\n\r\n<\/pre>\r\n\r\n\r\n\r\n<p>Now with the above denial rules in effect, trying to access xmlrpc.php will be met with the following page:<\/p>\r\n\r\n\r\n\r\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"652\" height=\"359\" class=\"wp-image-35660\" src=\"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2018\/07\/xml-rpc-server-accepts-post-requests-only..jpg\" alt=\"xml-rpc server accepts post requests only.\" srcset=\"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2018\/07\/xml-rpc-server-accepts-post-requests-only..jpg 652w, https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2018\/07\/xml-rpc-server-accepts-post-requests-only.-300x165.jpg 300w, https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2018\/07\/xml-rpc-server-accepts-post-requests-only.-150x83.jpg 150w\" sizes=\"(max-width: 652px) 100vw, 652px\" \/><\/figure>\r\n\r\n\r\n\r\n<p>And that&#8217;s all there is to it. You have successfully disabled XML-RPC altogether, on your WordPress Site.<\/p>\r\n\r\n\r\n<hr class=\"wp-block-separator\" \/>\r\n\r\n\r\n<div class=\"wp-block-image\">\r\n<figure class=\"alignright size-large\"><img decoding=\"async\" width=\"120\" height=\"120\" class=\"wp-image-35662\" src=\"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2018\/07\/what-is-xmlsrpc.jpg\" alt=\"what is xmlsrpc?\" \/><\/figure>\r\n<\/div>\r\n\r\n\r\n\r\n<p>If you use one of our\u00a0<a href=\"https:\/\/www.rosehosting.com\/wordpress-hosting.html\">Managed WordPress Hosting Services<\/a>, you can simply ask our expert Linux admins to disable XML-RPC for you. They are available 24\u00d77 and will take care of your request immediately.<\/p>\r\n\r\n\r\n\r\n<p><strong>PS.<\/strong> If you liked this post &#8211; What Is WordPress XML-RPC and How to Stop an Attack,\u00a0 please share it with your friends on the social networks using the buttons below or simply leave a comment in the comments section. Thanks.<\/p>\r\n","protected":false},"excerpt":{"rendered":"<p>&nbsp; XML-RPC is a\u00a0remote procedure call protocol that allows anyone to interact with your WordPress website remotely. In other words, &#8230; <\/p>\n<p class=\"read-more-container\"><a title=\"What Is WordPress XML-RPC and How to Stop an Attack\" class=\"read-more button\" href=\"https:\/\/www.rosehosting.com\/blog\/what-is-wordpress-xml-rpc-and-how-to-stop-an-attack\/#more-27376\" aria-label=\"Read more about What Is WordPress XML-RPC and How to Stop an Attack\">Read More<\/a><\/p>\n","protected":false},"author":4,"featured_media":27385,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1710,1703],"tags":[148,1727],"class_list":["post-27376","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cms-crm-erp","category-security","tag-wordpress","tag-xml-rpc","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-33"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.4 (Yoast SEO v27.4) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>What Is WordPress XML-RPC and How to Stop an Attack | RoseHosting<\/title>\n<meta name=\"description\" content=\"What Is WordPress XML-RPC and How to Stop an Attack | RoseHosting\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.rosehosting.com\/blog\/what-is-wordpress-xml-rpc-and-how-to-stop-an-attack\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"What Is WordPress XML-RPC and How to Stop an Attack\" \/>\n<meta property=\"og:description\" content=\"What Is WordPress XML-RPC and How to Stop an Attack | RoseHosting\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.rosehosting.com\/blog\/what-is-wordpress-xml-rpc-and-how-to-stop-an-attack\/\" \/>\n<meta property=\"og:site_name\" content=\"RoseHosting\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/RoseHosting\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/rosehosting.helpdesk\" \/>\n<meta property=\"article:published_time\" content=\"2018-07-03T09:28:22+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-04-05T09:10:43+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2018\/07\/What-Is-WordPress-XML-RPC-and-How-to-Stop-an-Attack-1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"742\" \/>\n\t<meta property=\"og:image:height\" content=\"371\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Jeff Wilson\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@rosehosting\" \/>\n<meta name=\"twitter:site\" content=\"@rosehosting\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jeff Wilson\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/what-is-wordpress-xml-rpc-and-how-to-stop-an-attack\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/what-is-wordpress-xml-rpc-and-how-to-stop-an-attack\\\/\"},\"author\":{\"name\":\"Jeff Wilson\",\"@id\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/#\\\/schema\\\/person\\\/7ce77a842fa6a9a7f8efa186f2353713\"},\"headline\":\"What Is WordPress XML-RPC and How to Stop an Attack\",\"datePublished\":\"2018-07-03T09:28:22+00:00\",\"dateModified\":\"2023-04-05T09:10:43+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/what-is-wordpress-xml-rpc-and-how-to-stop-an-attack\\\/\"},\"wordCount\":697,\"commentCount\":2,\"publisher\":{\"@id\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/what-is-wordpress-xml-rpc-and-how-to-stop-an-attack\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/07\\\/What-Is-WordPress-XML-RPC-and-How-to-Stop-an-Attack-1.jpg\",\"keywords\":[\"wordpress\",\"xml-rpc\"],\"articleSection\":[\"CMS, CRM, ERP\",\"Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/what-is-wordpress-xml-rpc-and-how-to-stop-an-attack\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/what-is-wordpress-xml-rpc-and-how-to-stop-an-attack\\\/\",\"url\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/what-is-wordpress-xml-rpc-and-how-to-stop-an-attack\\\/\",\"name\":\"What Is WordPress XML-RPC and How to Stop an Attack | RoseHosting\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/what-is-wordpress-xml-rpc-and-how-to-stop-an-attack\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/what-is-wordpress-xml-rpc-and-how-to-stop-an-attack\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/07\\\/What-Is-WordPress-XML-RPC-and-How-to-Stop-an-Attack-1.jpg\",\"datePublished\":\"2018-07-03T09:28:22+00:00\",\"dateModified\":\"2023-04-05T09:10:43+00:00\",\"description\":\"What Is WordPress XML-RPC and How to Stop an Attack | RoseHosting\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/what-is-wordpress-xml-rpc-and-how-to-stop-an-attack\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/what-is-wordpress-xml-rpc-and-how-to-stop-an-attack\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/what-is-wordpress-xml-rpc-and-how-to-stop-an-attack\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/07\\\/What-Is-WordPress-XML-RPC-and-How-to-Stop-an-Attack-1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/07\\\/What-Is-WordPress-XML-RPC-and-How-to-Stop-an-Attack-1.jpg\",\"width\":742,\"height\":371,\"caption\":\"What Is WordPress XML-RPC and How to Stop an Attack\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/what-is-wordpress-xml-rpc-and-how-to-stop-an-attack\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"What Is WordPress XML-RPC and How to Stop an Attack\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/\",\"name\":\"RoseHosting.com\",\"description\":\"Premium Linux Tutorials Since 2001\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/#organization\",\"name\":\"RoseHosting\",\"url\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/03\\\/android-chrome-192x192-1.png\",\"contentUrl\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/03\\\/android-chrome-192x192-1.png\",\"width\":192,\"height\":192,\"caption\":\"RoseHosting\"},\"image\":{\"@id\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/RoseHosting\",\"https:\\\/\\\/x.com\\\/rosehosting\",\"https:\\\/\\\/www.linkedin.com\\\/in\\\/rosehosting\\\/\"],\"description\":\"RoseHosting is a leading Linux hosting provider, serving thousands of clients world-wide since 2001.\",\"email\":\"info@rosehosting.com\",\"telephone\":\"(314) 275-0414\",\"legalName\":\"Rose Web Services LLC\",\"foundingDate\":\"2001-04-02\",\"numberOfEmployees\":{\"@type\":\"QuantitativeValue\",\"minValue\":\"11\",\"maxValue\":\"50\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/#\\\/schema\\\/person\\\/7ce77a842fa6a9a7f8efa186f2353713\",\"name\":\"Jeff Wilson\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/0985fed6af04cc60703d2ecf27c65dfa373e0ca00eb21c0b03477e099ea3f99f?s=96&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/0985fed6af04cc60703d2ecf27c65dfa373e0ca00eb21c0b03477e099ea3f99f?s=96&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/0985fed6af04cc60703d2ecf27c65dfa373e0ca00eb21c0b03477e099ea3f99f?s=96&r=g\",\"caption\":\"Jeff Wilson\"},\"description\":\"An experienced Linux veteran with many years of experience. Helping other Linux admins with frequent Linux and business-related blog posts on the RoseHosting blog. Techie by choice. Loving nature and travel. Happily married and father of two lovely children.\",\"sameAs\":[\"https:\\\/\\\/www.rosehosting.com\",\"https:\\\/\\\/www.facebook.com\\\/rosehosting.helpdesk\"],\"url\":\"https:\\\/\\\/www.rosehosting.com\\\/blog\\\/author\\\/jwilson\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"What Is WordPress XML-RPC and How to Stop an Attack | RoseHosting","description":"What Is WordPress XML-RPC and How to Stop an Attack | RoseHosting","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.rosehosting.com\/blog\/what-is-wordpress-xml-rpc-and-how-to-stop-an-attack\/","og_locale":"en_US","og_type":"article","og_title":"What Is WordPress XML-RPC and How to Stop an Attack","og_description":"What Is WordPress XML-RPC and How to Stop an Attack | RoseHosting","og_url":"https:\/\/www.rosehosting.com\/blog\/what-is-wordpress-xml-rpc-and-how-to-stop-an-attack\/","og_site_name":"RoseHosting","article_publisher":"https:\/\/www.facebook.com\/RoseHosting","article_author":"https:\/\/www.facebook.com\/rosehosting.helpdesk","article_published_time":"2018-07-03T09:28:22+00:00","article_modified_time":"2023-04-05T09:10:43+00:00","og_image":[{"width":742,"height":371,"url":"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2018\/07\/What-Is-WordPress-XML-RPC-and-How-to-Stop-an-Attack-1.jpg","type":"image\/jpeg"}],"author":"Jeff Wilson","twitter_card":"summary_large_image","twitter_creator":"@rosehosting","twitter_site":"@rosehosting","twitter_misc":{"Written by":"Jeff Wilson","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.rosehosting.com\/blog\/what-is-wordpress-xml-rpc-and-how-to-stop-an-attack\/#article","isPartOf":{"@id":"https:\/\/www.rosehosting.com\/blog\/what-is-wordpress-xml-rpc-and-how-to-stop-an-attack\/"},"author":{"name":"Jeff Wilson","@id":"https:\/\/www.rosehosting.com\/blog\/#\/schema\/person\/7ce77a842fa6a9a7f8efa186f2353713"},"headline":"What Is WordPress XML-RPC and How to Stop an Attack","datePublished":"2018-07-03T09:28:22+00:00","dateModified":"2023-04-05T09:10:43+00:00","mainEntityOfPage":{"@id":"https:\/\/www.rosehosting.com\/blog\/what-is-wordpress-xml-rpc-and-how-to-stop-an-attack\/"},"wordCount":697,"commentCount":2,"publisher":{"@id":"https:\/\/www.rosehosting.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.rosehosting.com\/blog\/what-is-wordpress-xml-rpc-and-how-to-stop-an-attack\/#primaryimage"},"thumbnailUrl":"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2018\/07\/What-Is-WordPress-XML-RPC-and-How-to-Stop-an-Attack-1.jpg","keywords":["wordpress","xml-rpc"],"articleSection":["CMS, CRM, ERP","Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.rosehosting.com\/blog\/what-is-wordpress-xml-rpc-and-how-to-stop-an-attack\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.rosehosting.com\/blog\/what-is-wordpress-xml-rpc-and-how-to-stop-an-attack\/","url":"https:\/\/www.rosehosting.com\/blog\/what-is-wordpress-xml-rpc-and-how-to-stop-an-attack\/","name":"What Is WordPress XML-RPC and How to Stop an Attack | RoseHosting","isPartOf":{"@id":"https:\/\/www.rosehosting.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.rosehosting.com\/blog\/what-is-wordpress-xml-rpc-and-how-to-stop-an-attack\/#primaryimage"},"image":{"@id":"https:\/\/www.rosehosting.com\/blog\/what-is-wordpress-xml-rpc-and-how-to-stop-an-attack\/#primaryimage"},"thumbnailUrl":"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2018\/07\/What-Is-WordPress-XML-RPC-and-How-to-Stop-an-Attack-1.jpg","datePublished":"2018-07-03T09:28:22+00:00","dateModified":"2023-04-05T09:10:43+00:00","description":"What Is WordPress XML-RPC and How to Stop an Attack | RoseHosting","breadcrumb":{"@id":"https:\/\/www.rosehosting.com\/blog\/what-is-wordpress-xml-rpc-and-how-to-stop-an-attack\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.rosehosting.com\/blog\/what-is-wordpress-xml-rpc-and-how-to-stop-an-attack\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.rosehosting.com\/blog\/what-is-wordpress-xml-rpc-and-how-to-stop-an-attack\/#primaryimage","url":"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2018\/07\/What-Is-WordPress-XML-RPC-and-How-to-Stop-an-Attack-1.jpg","contentUrl":"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2018\/07\/What-Is-WordPress-XML-RPC-and-How-to-Stop-an-Attack-1.jpg","width":742,"height":371,"caption":"What Is WordPress XML-RPC and How to Stop an Attack"},{"@type":"BreadcrumbList","@id":"https:\/\/www.rosehosting.com\/blog\/what-is-wordpress-xml-rpc-and-how-to-stop-an-attack\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.rosehosting.com\/blog\/"},{"@type":"ListItem","position":2,"name":"What Is WordPress XML-RPC and How to Stop an Attack"}]},{"@type":"WebSite","@id":"https:\/\/www.rosehosting.com\/blog\/#website","url":"https:\/\/www.rosehosting.com\/blog\/","name":"RoseHosting.com","description":"Premium Linux Tutorials Since 2001","publisher":{"@id":"https:\/\/www.rosehosting.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.rosehosting.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.rosehosting.com\/blog\/#organization","name":"RoseHosting","url":"https:\/\/www.rosehosting.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.rosehosting.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2022\/03\/android-chrome-192x192-1.png","contentUrl":"https:\/\/www.rosehosting.com\/blog\/wp-content\/uploads\/2022\/03\/android-chrome-192x192-1.png","width":192,"height":192,"caption":"RoseHosting"},"image":{"@id":"https:\/\/www.rosehosting.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/RoseHosting","https:\/\/x.com\/rosehosting","https:\/\/www.linkedin.com\/in\/rosehosting\/"],"description":"RoseHosting is a leading Linux hosting provider, serving thousands of clients world-wide since 2001.","email":"info@rosehosting.com","telephone":"(314) 275-0414","legalName":"Rose Web Services LLC","foundingDate":"2001-04-02","numberOfEmployees":{"@type":"QuantitativeValue","minValue":"11","maxValue":"50"}},{"@type":"Person","@id":"https:\/\/www.rosehosting.com\/blog\/#\/schema\/person\/7ce77a842fa6a9a7f8efa186f2353713","name":"Jeff Wilson","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/0985fed6af04cc60703d2ecf27c65dfa373e0ca00eb21c0b03477e099ea3f99f?s=96&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/0985fed6af04cc60703d2ecf27c65dfa373e0ca00eb21c0b03477e099ea3f99f?s=96&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/0985fed6af04cc60703d2ecf27c65dfa373e0ca00eb21c0b03477e099ea3f99f?s=96&r=g","caption":"Jeff Wilson"},"description":"An experienced Linux veteran with many years of experience. Helping other Linux admins with frequent Linux and business-related blog posts on the RoseHosting blog. Techie by choice. Loving nature and travel. Happily married and father of two lovely children.","sameAs":["https:\/\/www.rosehosting.com","https:\/\/www.facebook.com\/rosehosting.helpdesk"],"url":"https:\/\/www.rosehosting.com\/blog\/author\/jwilson\/"}]}},"_links":{"self":[{"href":"https:\/\/www.rosehosting.com\/blog\/wp-json\/wp\/v2\/posts\/27376","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.rosehosting.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.rosehosting.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.rosehosting.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.rosehosting.com\/blog\/wp-json\/wp\/v2\/comments?post=27376"}],"version-history":[{"count":2,"href":"https:\/\/www.rosehosting.com\/blog\/wp-json\/wp\/v2\/posts\/27376\/revisions"}],"predecessor-version":[{"id":41023,"href":"https:\/\/www.rosehosting.com\/blog\/wp-json\/wp\/v2\/posts\/27376\/revisions\/41023"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.rosehosting.com\/blog\/wp-json\/wp\/v2\/media\/27385"}],"wp:attachment":[{"href":"https:\/\/www.rosehosting.com\/blog\/wp-json\/wp\/v2\/media?parent=27376"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.rosehosting.com\/blog\/wp-json\/wp\/v2\/categories?post=27376"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.rosehosting.com\/blog\/wp-json\/wp\/v2\/tags?post=27376"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}