Knowledgebase

How to prevent wordpress xmlrpc.php attack Print this Article

Xmlrpc is a type of attack in which your site goes down and if you see the error log of nginx
tailf /var/log/nginx/error.log then there will be several xmlrpc request error. here is the fix for this.
Here is the steps i used to fix this issue with Fail2ban.

# apt-get install fail2ban iptables

# cd /etc/fail2ban

# cp jail.conf jail.local

# vim jail.local

Paste and append bellow lines at the end of file

[xmlrpc]
enabled = true
filter = xmlrpc
action = iptables[name=xmlrpc, port=http, protocol=tcp]
logpath = /var/log/nginx/access.log
bantime = 43600
maxretry = 2

Save.Now Create a fail2ban filter for this.

# vim /etc/fail2ban/filter.d/xmlrpc.conf

[Definition]
failregex = ^<HOST> .*POST .*xmlrpc\.php.*
ignoreregex =

Save and exit

# service fail2ban restart

Also Read

how to use cloudflare SSL with nginx
Using cloudflare for your website gives so many of options and flexibility for your web. Free...

Complete Webserver- Ubuntu 14.04, apache, php-fpm, fail2ban, ufw, mariadb-server
A complete webserver for hosting heavy traffic php based CMS websites like wordpress, drupal etc...

How to change timezone settings in ubuntu and centos
NTP is a service in unix/linux which synchronize local server time with public time (NTP)...

dns server setup with ubuntu 14.04 VPS
We can setup a vps by using bind9 package # apt-get update #apt-get install bind9 # cd...

Use PHP5-FPM with Apache 2 on KVM VPS CentOs 6.8
If we need a high traffic website host on apache due to .htaccess rules ( which is very painfull...

Knowledgebase

How to prevent wordpress xmlrpc.php attack Print this Article

Was this answer helpful?

Also Read