Best Web Hosting

Disable WordPress XMLRPC.PHP - Common Brute Force Hacker Exploit | WP Learning Lab - Best Webhosting

Thanks! Share it with your friends!

URL

You disliked this video. Thanks for the feedback!

Sorry, only registred users can create playlists.
ULTRAFAST, CHEAP, SCALABLE AND RELIABLE! WE STRONGLY RECOMMEND ACCU WEB HOSTING COMPANY
Disable WordPress XMLRPC.PHP - Common Brute Force Hacker Exploit | WP Learning Lab

Watch Wordpress WPLearningLab Video: Disable WordPress XMLRPC.PHP - Common Brute Force Hacker Exploit | WP Learning Lab.
Grab Your Free 17-Point WordPress Pre-Launch PDF Checklist: http://vid.io/xqRL
Download our exclusive 10-Point WP Hardening Checklist: http://bit.ly/10point-wordpress-hardening-checklist
Disable WordPress XMLRPC.PHP - Common Brute Force Hacker Exploit | WP Learning Lab

# BEGIN Disable XML-RPC.PHP

(left pointy bracket)Files xmlrpc.php(right pointy bracket)
Order Deny,Allow
Deny from all
(left pointy bracket)/Files(right pointy bracket)

# END Disable XML-RPC.PHP

YouTube doesn't allow the pointy brackets (Shift period and Shift comma) so make sure they match what you see in the video.

In this tutorial I'm going to show you how to block access to the XMLRPC.PHP file. This file is commonly used by hackers to brute force your username and password when the login.php is protected.

The only time you would not want to disable the XMLRPC.PHP file is if you are using it to post to your WordPress site. XMLRPC allows you to create drafts and posts by sending email to your WordPress website.

The vast majority of people don't even know this function exists in their WordPress site, so there's no reason to keep it active as an attack vector.

So let's put that code into your .htaccess file and secure WordPress.

First login into your hosting account cPanel. Then find and click on the File Manager icon and choose the Document Root for the website that you are hardening. This will open the root of the website in another tab.

You can also log into the website root using FTP if you are more comfortable with that.

If you do not see a .htaccess in the website right then you can make one by clicking Add New File in the File Manager or right-clicking and choosing Create New File via FTP.

Open the .htaccess file and paste the code from above into it. There is no need to make adjustments to the code. Once pasted in just save the file and you're done.

Now you've done your WordPress security for the day. Time to take a break! Or better yet, watch the next video.

I hope this information helps you! If you have any questions leave a comment below or ping me @WPLearningLab on Twitter.

--------------

If you want more excellent WordPress information check out our website where we post WordPress tutorials daily.

http://wplearninglab.com/

Connect with us:

WP Learning Lab Channel: http://www.youtube.com/subscription_center?add_user=wplearninglab

Facebook: https://www.facebook.com/wplearninglab

Twitter: https://twitter.com/WPLearningLab

Google Plus: http://google.com/+Wplearninglab

Pinterest: http://www.pinterest.com/wplearninglab/

Published:
Category: Wordpress WPLearningLab
85 Views

Related Videos

RECOMMENDED WEB HOSTING

FASTCOMET

Fastcomet

HOSTGATOR

HOSTGATOR

BLUEHOST

BLUEHOST

SITEGROUND

SITEGROUND

A2 HOSTING

A2 HOSTING

HOSTINGER

HOSTINGER

DREAMHOST

DREAMHOST

ACCU WEBHOSTING

ACCU WEBHOSTING

MILESWEB

MILESWEB

HOSTPAPA

HOSTPAPA
RSS