Disable WordPress XMLRPC.PHP - Common Brute Force Hacker Exploit | WP Learning Lab - Best Webhosting

ULTRAFAST, CHEAP, SCALABLE AND RELIABLE! WE STRONGLY RECOMMEND ACCU WEB HOSTING COMPANY

Watch Wordpress WPLearningLab Video: Disable WordPress XMLRPC.PHP - Common Brute Force Hacker Exploit | WP Learning Lab.
Grab Your Free 17-Point WordPress Pre-Launch PDF Checklist: http://vid.io/xqRL
Download our exclusive 10-Point WP Hardening Checklist: http://bit.ly/10point-wordpress-hardening-checklist
Disable WordPress XMLRPC.PHP - Common Brute Force Hacker Exploit | WP Learning Lab

# BEGIN Disable XML-RPC.PHP

(left pointy bracket)Files xmlrpc.php(right pointy bracket)
Order Deny,Allow
Deny from all
(left pointy bracket)/Files(right pointy bracket)

# END Disable XML-RPC.PHP

YouTube doesn't allow the pointy brackets (Shift period and Shift comma) so make sure they match what you see in the video.

In this tutorial I'm going to show you how to block access to the XMLRPC.PHP file. This file is commonly used by hackers to brute force your username and password when the login.php is protected.

The only time you would not want to disable the XMLRPC.PHP file is if you are using it to post to your WordPress site. XMLRPC allows you to create drafts and posts by sending email to your WordPress website.

The vast majority of people don't even know this function exists in their WordPress site, so there's no reason to keep it active as an attack vector.

So let's put that code into your .htaccess file and secure WordPress.

First login into your hosting account cPanel. Then find and click on the File Manager icon and choose the Document Root for the website that you are hardening. This will open the root of the website in another tab.

You can also log into the website root using FTP if you are more comfortable with that.

If you do not see a .htaccess in the website right then you can make one by clicking Add New File in the File Manager or right-clicking and choosing Create New File via FTP.

Open the .htaccess file and paste the code from above into it. There is no need to make adjustments to the code. Once pasted in just save the file and you're done.

Now you've done your WordPress security for the day. Time to take a break! Or better yet, watch the next video.

I hope this information helps you! If you have any questions leave a comment below or ping me @WPLearningLab on Twitter.

--------------

If you want more excellent WordPress information check out our website where we post WordPress tutorials daily.

http://wplearninglab.com/

Connect with us:

WP Learning Lab Channel: http://www.youtube.com/subscription_center?add_user=wplearninglab

Facebook: https://www.facebook.com/wplearninglab

Twitter: https://twitter.com/WPLearningLab

Google Plus: http://google.com/+Wplearninglab

Pinterest: http://www.pinterest.com/wplearninglab/

Published: Saturday, August 10, 2019 8:42 AM
Category: Wordpress WPLearningLab

103 Views

Related Videos

Prevent PHP Execution In The WordPress Uploads Folder - Common Hacker Exploit | WP Learning Lab

by Best Webhosting Added 4 years ago 99 Views / 0 Likes

Grab Your Free 17-Point WordPress Pre-Launch PDF Checklist: http://vid.io/xqRL Download our exclusive 10-Point WP Hardening Checklist: http://bit.ly/10point-wordpress-hardening-checklist Prevent PHP Execution In The WordPress Uploads Folder - Common Hacker Exploit | WP Learning Lab # BEGIN Stop PHP Execution in Uploads Folder Order Allow,Deny Deny from all (left pointy bracket)FilesMatch "^[^.]+\.(?:[Jj][Pp][Ee]?[Gg]|[Pp][Nn][Gg]|[Gg][Ii][Ff]|[Pp][Dd]
Brute Force Login Attacks Explained - Better WordPress Security | WP Learning Lab

by Best Webhosting Added 4 years ago 97 Views / 0 Likes

Grab Your Free 17-Point WordPress Pre-Launch PDF Checklist: http://vid.io/xqRL Download our exclusive 10-Point WP Hardening Checklist: http://bit.ly/10point-wordpress-hardening-checklist Brute Force Login Attacks Explained - Better WordPress Security | WP Learning Lab #1 Biggest Security Threat Facing WordPress this year: http://bit.ly/WordPress-Security2 What is a Brute Force Attack? A hacker gains access to your website by guessing a correct usernam
Popular
Limit WordPress WP-Admin Access To Specific IPs - Keep Brute Force Hackers Out | WP Learning Lab

by Best Webhosting Added 4 years ago 109 Views / 0 Likes

Limit WordPress WP-Admin Access To Specific IPs - Keep Brute Force Hackers Out | WP Learning Lab # BEGIN Restrict WP-Admin Access To Specific IPs Order Deny,Allow Allow from 123.456.789.111 Deny from all # END Block WP-Admin Access To Specific IPs In this tutorial I'm going to show you how you can disable wp-admin access to only IP addresses that you specify. This works great if you have a static IP or a known dynamic IP range that you always access t
Change WordPress Admin Username Via MySQL - Brute Force Attack Prevention | WP Learning Lab

by Best Webhosting Added 4 years ago 100 Views / 0 Likes

Grab Your Free 17-Point WordPress Pre-Launch PDF Checklist: http://vid.io/xqRL Download our exclusive 10-Point WP Hardening Checklist: http://bit.ly/10point-wordpress-hardening-checklist Change WordPress Admin Username Via MySQL - Brute Force Attack Prevention | WP Learning Lab UPDATE wp_users SET user_login = 'Your New Username' WHERE user_login = 'Admin'; In this tutorial I'm going to show you how to change the Admin username on your WordPress accou
Password Protect Your WordPress Login Page - Brute Force Attack Prevention | WP Learning Lab

by Best Webhosting Added 4 years ago 94 Views / 0 Likes

Grab Your Free 17-Point WordPress Pre-Launch PDF Checklist: http://vid.io/xqRL Download our exclusive 10-Point WP Hardening Checklist: http://bit.ly/10point-wordpress-hardening-checklist Password Protect Your WordPress Login Page - Brute Force Attack Prevention | WP Learning Lab # Password protect the wp-login.php file ErrorDocument 401 "Unauthorized Access" ErrorDocument 403 "Forbidden" (left pointy bracket)FilesMatch "wp-login.php"(right pointy brac
Limit Login Attempts Plugin - Use It To Stop Brute Force Attacks | WP Learning Lab

by Best Webhosting Added 4 years ago 94 Views / 0 Likes

Grab Your Free 17-Point WordPress Pre-Launch PDF Checklist: http://vid.io/xqRL Download our exclusive 10-Point WP Hardening Checklist: http://bit.ly/10point-wordpress-hardening-checklist Limit Login Attempts Plugin - Use It To Stop Brute Force Attacks | WP Learning Lab The Limit Login Attempts WordPress Plugin is used to help prevent brute force login attacks. You can read more about this WordPress security plugin here: https://wordpress.org/plugins/l
Prevent Brute Force Attacks In WordPress in 2020

by Best Webhosting Added 4 years ago 89 Views / 0 Likes

Prevent Brute Force Attacks In WordPress in 2020 https://youtu.be/Wt3Amy2PI3s //* Link to backup tutorial: https://youtu.be/566Zw8e84lE Link to Wordfence Tutorial : https://youtu.be/2F460uMt2JE Join our private Facebook group today! https://www.facebook.com/groups/wplearninglab //* The way you prevent brute force attacks in WordPress is by making your site more secure than the average. That means that your site is no longer the "low hanging fruit" tha
How To Limit The Login Attempts On WordPress For Free? Security To Prevent Brute Force

by Best Webhosting Added 1 year ago 26 Views / 0 Likes

In today's video tutorial, we'll learn a simple, fast, and effective way to prevent brute force attacks on your WordPress website by limiting the login attempts for free Why Has Online Security Never Been More Essential https://visualmodo.com/online-security-essential/ How To Add a Security Question To Login At WordPress Dashboard? https://www.youtube.com/watch?v=jQOPMPPBvjQ How To Hide WordPress Login Page From Public? Website Security Guide https://
WordPress Username Hack - Stop Hackers Finding Out Your Username By Brute Force

by Best Webhosting Added 4 years ago 74 Views / 0 Likes

Grab Your Free 17-Point WordPress Pre-Launch PDF Checklist: http://vid.io/xqRL Download our exclusive 10-Point WP Hardening Checklist: http://bit.ly/10point-wordpress-hardening-checklist WordPress Username Hack - Stop Hackers Finding Out Your Username By Brute Force Ever since WordPress 3.0 webmasters have had the ability to choose their own usernames when installing WordPress, which helps in reducing the number of successful brute force login attacks
Popular
WordPress Login Lockdown Stops Brute Force Attacks On The Login Page

by Best Webhosting Added 4 years ago 117 Views / 0 Likes

Grab Your Free 17-Point WordPress Pre-Launch PDF Checklist: http://vid.io/xqRL WordPress Login Lockdown Stops Brute Force Attacks On The Login Page https://youtu.be/KdN98CtXtiA Plugin in repo: https://en-ca.wordpress.org/plugins/login-lockdown/ Wordpress Login Lockdown is a brute force hacking security plugin. It will help reduce the chances of a brute force attach being successful. It is very similar to Limit Login Attempts Reloaded with one importan
How To Remove The WordPress Version Number From Your Site - Hacker Proofing | WP Learning Lab

by Best Webhosting Added 4 years ago 91 Views / 0 Likes

Grab Your Free 17-Point WordPress Pre-Launch PDF Checklist: http://vid.io/xqRL Download our exclusive 10-Point WP Hardening Checklist: http://bit.ly/10point-wordpress-hardening-checklist How To Remove The WordPress Version Number From Your Site - Hacker Proofing | WP Learning Lab remove_action('wp_head', 'wp_generator'); //Remove WordPress version from site In this tutorial you're going to learn how to remove the WordPress version number (WordPress ge
Protect Your WordPress WP-Config.php Via .htaccess - Hacker Proofing Your Site | WP Learning Lab

by Best Webhosting Added 4 years ago 98 Views / 0 Likes

Grab Your Free 17-Point WordPress Pre-Launch PDF Checklist: http://vid.io/xqRL Download our exclusive 10-Point WP Hardening Checklist: http://bit.ly/10point-wordpress-hardening-checklist Protect Your WordPress WP-Config.php Via .htaccess - Hacker Proofing Your Site | WP Learning Lab # BEGIN Protect the wp-config.php file (left pointy bracket)files wp-config.php(right pointy bracket) order allow,deny deny from all (left pointy bracket)/files(right poin