Disable WordPress XMLRPC.PHP - Common Brute Force Hacker Exploit | WP Learning Lab - Best Webhosting

Thanks! Share it with your friends!

URL

You disliked this video. Thanks for the feedback!

Sorry, only registred users can create playlists.

ULTRAFAST, CHEAP, SCALABLE AND RELIABLE! WE STRONGLY RECOMMEND ACCU WEB HOSTING COMPANY

Disable WordPress XMLRPC.PHP - Common Brute Force Hacker Exploit | WP Learning Lab

Watch Wordpress WPLearningLab Video: Disable WordPress XMLRPC.PHP - Common Brute Force Hacker Exploit | WP Learning Lab.
Grab Your Free 17-Point WordPress Pre-Launch PDF Checklist: http://vid.io/xqRL
Download our exclusive 10-Point WP Hardening Checklist: http://bit.ly/10point-wordpress-hardening-checklist
Disable WordPress XMLRPC.PHP - Common Brute Force Hacker Exploit | WP Learning Lab

# BEGIN Disable XML-RPC.PHP

(left pointy bracket)Files xmlrpc.php(right pointy bracket)
Order Deny,Allow
Deny from all
(left pointy bracket)/Files(right pointy bracket)

# END Disable XML-RPC.PHP

YouTube doesn't allow the pointy brackets (Shift period and Shift comma) so make sure they match what you see in the video.

In this tutorial I'm going to show you how to block access to the XMLRPC.PHP file. This file is commonly used by hackers to brute force your username and password when the login.php is protected.

The only time you would not want to disable the XMLRPC.PHP file is if you are using it to post to your WordPress site. XMLRPC allows you to create drafts and posts by sending email to your WordPress website.

The vast majority of people don't even know this function exists in their WordPress site, so there's no reason to keep it active as an attack vector.

So let's put that code into your .htaccess file and secure WordPress.

First login into your hosting account cPanel. Then find and click on the File Manager icon and choose the Document Root for the website that you are hardening. This will open the root of the website in another tab.

You can also log into the website root using FTP if you are more comfortable with that.

If you do not see a .htaccess in the website right then you can make one by clicking Add New File in the File Manager or right-clicking and choosing Create New File via FTP.

Open the .htaccess file and paste the code from above into it. There is no need to make adjustments to the code. Once pasted in just save the file and you're done.

Now you've done your WordPress security for the day. Time to take a break! Or better yet, watch the next video.

I hope this information helps you! If you have any questions leave a comment below or ping me @WPLearningLab on Twitter.

--------------

If you want more excellent WordPress information check out our website where we post WordPress tutorials daily.

http://wplearninglab.com/

Connect with us:

WP Learning Lab Channel: http://www.youtube.com/subscription_center?add_user=wplearninglab

Facebook: https://www.facebook.com/wplearninglab

Twitter: https://twitter.com/WPLearningLab

Google Plus: http://google.com/+Wplearninglab

Pinterest: http://www.pinterest.com/wplearninglab/

Published:
Category: Wordpress WPLearningLab
102 Views

Related Videos

  • Prevent PHP Execution In The WordPress Uploads Folder - Common Hacker Exploit | WP Learning Lab

    Prevent PHP Execution In The WordPress Uploads Folder - Common Hacker Exploit | WP Learning Lab

    by Best Webhosting Added 98 Views / 0 Likes

    Grab Your Free 17-Point WordPress Pre-Launch PDF Checklist: http://vid.io/xqRL Download our exclusive 10-Point WP Hardening Checklist: http://bit.ly/10point-wordpress-hardening-checklist Prevent PHP Execution In The WordPress Uploads Folder - Common Hacker Exploit | WP Learning Lab # BEGIN Stop PHP Execution in Uploads Folder Order Allow,Deny Deny from all (left pointy bracket)FilesMatch "^[^.]+\.(?:[Jj][Pp][Ee]?[Gg]|[Pp][Nn][Gg]|[Gg][Ii][Ff]|[Pp][Dd]

  • Brute Force Login Attacks Explained - Better WordPress Security | WP Learning Lab

    Brute Force Login Attacks Explained - Better WordPress Security | WP Learning Lab

    by Best Webhosting Added 95 Views / 0 Likes

    Grab Your Free 17-Point WordPress Pre-Launch PDF Checklist: http://vid.io/xqRL Download our exclusive 10-Point WP Hardening Checklist: http://bit.ly/10point-wordpress-hardening-checklist Brute Force Login Attacks Explained - Better WordPress Security | WP Learning Lab #1 Biggest Security Threat Facing WordPress this year: http://bit.ly/WordPress-Security2 What is a Brute Force Attack? A hacker gains access to your website by guessing a correct usernam

  • Popular Limit WordPress WP-Admin Access To Specific IPs - Keep Brute Force Hackers Out | WP Learning Lab

    Limit WordPress WP-Admin Access To Specific IPs - Keep Brute Force Hackers Out | WP Learning Lab

    by Best Webhosting Added 107 Views / 0 Likes

    Limit WordPress WP-Admin Access To Specific IPs - Keep Brute Force Hackers Out | WP Learning Lab # BEGIN Restrict WP-Admin Access To Specific IPs Order Deny,Allow Allow from 123.456.789.111 Deny from all # END Block WP-Admin Access To Specific IPs In this tutorial I'm going to show you how you can disable wp-admin access to only IP addresses that you specify. This works great if you have a static IP or a known dynamic IP range that you always access t

  • Change WordPress Admin Username Via MySQL - Brute Force Attack Prevention | WP Learning Lab

    Change WordPress Admin Username Via MySQL - Brute Force Attack Prevention | WP Learning Lab

    by Best Webhosting Added 98 Views / 0 Likes

    Grab Your Free 17-Point WordPress Pre-Launch PDF Checklist: http://vid.io/xqRL Download our exclusive 10-Point WP Hardening Checklist: http://bit.ly/10point-wordpress-hardening-checklist Change WordPress Admin Username Via MySQL - Brute Force Attack Prevention | WP Learning Lab UPDATE wp_users SET user_login = 'Your New Username' WHERE user_login = 'Admin'; In this tutorial I'm going to show you how to change the Admin username on your WordPress accou

  • Password Protect Your WordPress Login Page - Brute Force Attack Prevention | WP Learning Lab

    Password Protect Your WordPress Login Page - Brute Force Attack Prevention | WP Learning Lab

    by Best Webhosting Added 94 Views / 0 Likes

    Grab Your Free 17-Point WordPress Pre-Launch PDF Checklist: http://vid.io/xqRL Download our exclusive 10-Point WP Hardening Checklist: http://bit.ly/10point-wordpress-hardening-checklist Password Protect Your WordPress Login Page - Brute Force Attack Prevention | WP Learning Lab # Password protect the wp-login.php file ErrorDocument 401 "Unauthorized Access" ErrorDocument 403 "Forbidden" (left pointy bracket)FilesMatch "wp-login.php"(right pointy brac

  • Limit Login Attempts Plugin - Use It To Stop Brute Force Attacks | WP Learning Lab

    Limit Login Attempts Plugin - Use It To Stop Brute Force Attacks | WP Learning Lab

    by Best Webhosting Added 92 Views / 0 Likes

    Grab Your Free 17-Point WordPress Pre-Launch PDF Checklist: http://vid.io/xqRL Download our exclusive 10-Point WP Hardening Checklist: http://bit.ly/10point-wordpress-hardening-checklist Limit Login Attempts Plugin - Use It To Stop Brute Force Attacks | WP Learning Lab The Limit Login Attempts WordPress Plugin is used to help prevent brute force login attacks. You can read more about this WordPress security plugin here: https://wordpress.org/plugins/l

  • Prevent Brute Force Attacks In WordPress in 2020

    Prevent Brute Force Attacks In WordPress in 2020

    by Best Webhosting Added 88 Views / 0 Likes

    Prevent Brute Force Attacks In WordPress in 2020 https://youtu.be/Wt3Amy2PI3s //* Link to backup tutorial: https://youtu.be/566Zw8e84lE Link to Wordfence Tutorial : https://youtu.be/2F460uMt2JE Join our private Facebook group today! https://www.facebook.com/groups/wplearninglab //* The way you prevent brute force attacks in WordPress is by making your site more secure than the average. That means that your site is no longer the "low hanging fruit" tha

  • How To Limit The Login Attempts On WordPress For Free? Security To  Prevent Brute Force

    How To Limit The Login Attempts On WordPress For Free? Security To Prevent Brute Force

    by Best Webhosting Added 26 Views / 0 Likes

    In today's video tutorial, we'll learn a simple, fast, and effective way to prevent brute force attacks on your WordPress website by limiting the login attempts for free Why Has Online Security Never Been More Essential https://visualmodo.com/online-security-essential/ How To Add a Security Question To Login At WordPress Dashboard? https://www.youtube.com/watch?v=jQOPMPPBvjQ How To Hide WordPress Login Page From Public? Website Security Guide https://

  • WordPress Username Hack - Stop Hackers Finding Out Your Username By Brute Force

    WordPress Username Hack - Stop Hackers Finding Out Your Username By Brute Force

    by Best Webhosting Added 73 Views / 0 Likes

    Grab Your Free 17-Point WordPress Pre-Launch PDF Checklist: http://vid.io/xqRL Download our exclusive 10-Point WP Hardening Checklist: http://bit.ly/10point-wordpress-hardening-checklist WordPress Username Hack - Stop Hackers Finding Out Your Username By Brute Force Ever since WordPress 3.0 webmasters have had the ability to choose their own usernames when installing WordPress, which helps in reducing the number of successful brute force login attacks

  • Popular WordPress Login Lockdown Stops Brute Force Attacks On The Login Page

    WordPress Login Lockdown Stops Brute Force Attacks On The Login Page

    by Best Webhosting Added 117 Views / 0 Likes

    Grab Your Free 17-Point WordPress Pre-Launch PDF Checklist: http://vid.io/xqRL WordPress Login Lockdown Stops Brute Force Attacks On The Login Page https://youtu.be/KdN98CtXtiA Plugin in repo: https://en-ca.wordpress.org/plugins/login-lockdown/ Wordpress Login Lockdown is a brute force hacking security plugin. It will help reduce the chances of a brute force attach being successful. It is very similar to Limit Login Attempts Reloaded with one importan

  • How To Remove The WordPress Version Number From Your Site  - Hacker Proofing | WP Learning Lab

    How To Remove The WordPress Version Number From Your Site - Hacker Proofing | WP Learning Lab

    by Best Webhosting Added 91 Views / 0 Likes

    Grab Your Free 17-Point WordPress Pre-Launch PDF Checklist: http://vid.io/xqRL Download our exclusive 10-Point WP Hardening Checklist: http://bit.ly/10point-wordpress-hardening-checklist How To Remove The WordPress Version Number From Your Site - Hacker Proofing | WP Learning Lab remove_action('wp_head', 'wp_generator'); //Remove WordPress version from site In this tutorial you're going to learn how to remove the WordPress version number (WordPress ge

  • Protect Your WordPress WP-Config.php Via .htaccess - Hacker Proofing Your Site | WP Learning Lab

    Protect Your WordPress WP-Config.php Via .htaccess - Hacker Proofing Your Site | WP Learning Lab

    by Best Webhosting Added 98 Views / 0 Likes

    Grab Your Free 17-Point WordPress Pre-Launch PDF Checklist: http://vid.io/xqRL Download our exclusive 10-Point WP Hardening Checklist: http://bit.ly/10point-wordpress-hardening-checklist Protect Your WordPress WP-Config.php Via .htaccess - Hacker Proofing Your Site | WP Learning Lab # BEGIN Protect the wp-config.php file (left pointy bracket)files wp-config.php(right pointy bracket) order allow,deny deny from all (left pointy bracket)/files(right poin

RECOMMENDED WEB HOSTING

FASTCOMET

Fastcomet

HOSTGATOR

HOSTGATOR

BLUEHOST

BLUEHOST

SITEGROUND

SITEGROUND

A2 HOSTING

A2 HOSTING

HOSTINGER

HOSTINGER

DREAMHOST

DREAMHOST

ACCU WEBHOSTING

ACCU WEBHOSTING

MILESWEB

MILESWEB

HOSTPAPA

HOSTPAPA


RSS