Preventing WordPress XML-RPC Attacks (Ubuntu)
What Will You Learn in This Guide?
In this guide, you will learn to protect your WordPress site against XML-RPC based attacks.
You will learn to detect and stop this traffic that consumes server resources.
Definitive fixes for both Apache and Nginx are explained.
Technical Summary
- Technical Topic: Preventing WordPress XML-RPC attacks on Ubuntu
- Solved Problem: MySQL is overloaded and the site crashes via xmlrpc.php
- Steps Followed:
  - Intrusion detection in log files
  - Reducing the load with Jetpack
  - XML-RPC blocking at Apache level
  - XML-RPC blocking at Nginx level
Detecting XML-RPC Attacks
XML-RPC attacks generally appear with the following symptoms:
- “Error establishing database connection” message
- Sudden increase in RAM and CPU on the server
- Extensive POST /xmlrpc.php records in log files
If you're using Apache:
grep xmlrpc /var/log/apache2/access.log
- This command searches for XML-RPC requests in Apache access logs.
If you are using Nginx:
grep xmlrpc /var/log/nginx/access.log
- This command lists XML-RPC traffic in Nginx access logs.
If you see a lot of output, your server is under attack.
Method 1: Protection with Jetpack Plugin
- Jetpack's Protect feature reduces the XML-RPC attack load by approximately 90%. This method relieves the pressure on the database.
Application steps:
- Log in to the WordPress panel
- Go to Plugins → Add New
- Install and activate Jetpack
- Connect with a WordPress.com account
- Verify that Protect is active
Note: Jetpack reduces the attack, it does not stop it completely.
Method 2: Blocking XML-RPC at Apache Level
- This method is the safest if you are not using a mobile application or Jetpack.
sudo nano /etc/apache2/sites-available/000-default.conf
- This command opens the Apache default site configuration.
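Add between the VirtualHost tags:
<Files xmlrpc.php>
    # Apache 2.2-style access directives; Apache 2.4 accepts them through
    # mod_access_compat (the native 2.4 form is "Require all denied").
    Order allow,deny
    Deny from all
</Files>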
- This configuration completely disables XML-RPC access.
- Restart Apache:
sudo service apache2 restart
- Activates the changes.
Method 3: Blocking XML-RPC at Nginx Level
- If you are using Nginx, blocking is done through the server block.
sudo nano /etc/nginx/sites-available/ornek.com
- This command opens the Nginx configuration for the relevant domain.
Add inside the server block:
location /xmlrpc.php {
    deny all;
}
- Rejects XML-RPC requests at the Nginx level.
- Restart Nginx:
sudo service nginx restart
- Activates the configuration.
Verifying That Blocking Is Working
- Requests are reduced if you use Jetpack
- In manual blocking, 403 or 500 is seen instead of HTTP 200
- It is normal for requests to appear in the logs
- The important thing is that the requests are not processed.
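The grep checks from the detection section and the status-code check above can be combined into one log summary. This is an added example, not part of the original guide; it assumes the default combined access log format, and the function names and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarize POST /xmlrpc.php traffic in a combined-format
# access log (assumed: the default log format for Apache and Nginx on Ubuntu).

# Print "<status> <count>" for POST /xmlrpc.php requests, sorted by status.
# After blocking, new hits should show 403 rather than 200.
xmlrpc_status_counts() {
    awk '$6 == "\"POST" && $7 ~ /^\/xmlrpc\.php([?]|$)/ { n[$9]++ }
         END { for (s in n) print s, n[s] }' "$1" | sort -n
}

# Print "<count> <ip>" for the N busiest clients (default 10), busiest first.
xmlrpc_top_clients() {
    awk '$6 == "\"POST" && $7 ~ /^\/xmlrpc\.php([?]|$)/ { print $1 }' "$1" |
        sort | uniq -c | sort -rn | head -n "${2:-10}" | awk '{ print $1, $2 }'
}

# Constructed sample log (documentation IP ranges), written to file $1.
# The last two lines are ordinary page views; the final one would match a
# plain "grep xmlrpc" but is not an XML-RPC call, so it must not be counted.
write_sample_log() {
    cat > "$1" <<'EOF'
203.0.113.7 - - [10/Jan/2024:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"
203.0.113.7 - - [10/Jan/2024:10:00:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"
203.0.113.7 - - [10/Jan/2024:10:05:00 +0000] "POST /xmlrpc.php HTTP/1.1" 403 162 "-" "-"
198.51.100.9 - - [10/Jan/2024:10:05:01 +0000] "POST /xmlrpc.php HTTP/1.1" 403 162 "-" "-"
192.0.2.44 - - [10/Jan/2024:10:05:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "-"
192.0.2.44 - - [10/Jan/2024:10:05:03 +0000] "GET /?s=xmlrpc HTTP/1.1" 200 5120 "-" "-"
EOF
}

# Demo run on the sample; on a real server pass
# /var/log/apache2/access.log or /var/log/nginx/access.log instead.
sample=$(mktemp)
write_sample_log "$sample"
echo "status counts:"; xmlrpc_status_counts "$sample"
echo "top clients:";   xmlrpc_top_clients "$sample" 5
rm -f "$sample"
```

Status 200 rows that keep growing after the block is in place mean requests are still being processed; 403 rows only confirm that the requests arrive and are rejected.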
Frequently Asked Questions (FAQ)
1. Will turning off XML-RPC harm my site? No. It is safe if you do not use a mobile application.
2. I installed Jetpack, but the attack continues, why? Jetpack reduces the load. The exact solution is at the server level.
3. Why does my server crash frequently? XML-RPC attacks consume MySQL memory.
4. Isn't a firewall enough? No. XML-RPC should be blocked at the application level.
Result
XML-RPC attacks are a serious threat to WordPress sites. With the right precautions, performance loss and crashes can be prevented.

