When updating security for a remote procedure call
Enter the offline blog client, which allowed users to type posts offline and then connect to Blogger API-enabled blogs through XML-RPC.Other blogging systems followed suit, and there was eventually a Meta Weblog API that standardized basic access.
Some additions to your .htaccess file can lock down access to the file. You can simplify this process by installing and activating the Disable XML-RPC plugin.Defender protects you against evil bots and hackers with automated security scans, vulnerability reports, safety recommendations, blacklist monitoring and customized hardening in just a few clicks.TRY WPMU DEV FREE LEARN MORE Understand that the security issue isn’t really XML-RPC itself, the problem is that attackers can use this as another way to brute-force its way through to your username and password.This happens by way of the Remote Procedure Calls – that is what RPC stands for. If you want to be fussy about it, it’s part of the pre-history of Word Press; being part of the b2 platform that Matt Mullenweg forked to create Word Press. Enable XML-RPC was added to the Word Press Remote Publishing settings, with the default setting set to “Off.” A week later, the Word Press for i Phone app was released, and its users were asked to flip the setting to “On.” Four years after the i Phone app joined the family, Word Press 3.5 made XML-RPC support enabled by default and took away the dashboard setting. The main weaknesses associated with XML-RPC are: So here we go again.The modern world is deeply annoying with its trade-offs.Instead of the mobile apps, you can So you have become dependent on all these tools that are, in turn, dependent on XML-RPC.
I really get that you don’t want to turn XML-RPC off, even for a little while.
If you want to make sure no one is bringing a bomb on your airplane, you have to stand in line to go through the metal detectors.
If you want to keep your car while you’re shopping, lock the doors and close the windows.
Jumping forward a decade or so, today we all use apps on our phones and tablets instead of our computers.
One of the things that people like to do with their phones is post to their Word Press sites.
Here are some plugins that can help: I’ll note that one major security plugin, Wordfence, decided against disabling XML-RPC.