WordPress includes a feature called XML-RPC that transmits data over HTTP, using XML to encode it. The security issue is that it lets you access a website from any custom admin software or mobile application instead of the browser.
Fortunately for the non-techies, there is a free plugin that can block XML-RPC for you.
Installation
Use the .htaccess file in the root folder. This process is not too complicated, but keep in mind that you can easily break the site. Most hosts can perform this change as part of their service. If they do not, get another host, as they should take security seriously.
In the root folder, where you find your wp-config file, you should see the .htaccess file. If you do not, you need to turn on the display of hidden files; there is usually an option for this in the FTP program or in the file manager in your hosting control panel.
# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
allow from 123.56.789.111
</Files>
Place these rules below the WordPress rules, after the # END WordPress line.
# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
allow from 123.56.789.111
</Files>
If you do want to allow a specific IP, you can add the last line "allow from 123.56.789.111" and replace 123.56.789.111 with your IP.
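Because a mistake in this file can take the whole site down, here is a small check you can run on the edited .htaccess before uploading it. It is an added example, not part of the original post; the function name audit_htaccess and the sample file are constructed for illustration. It reports a "deny from all" that is not scoped to xmlrpc.php, a block placed between the WordPress markers (WordPress regenerates that section), and an allow entry that is not a literal IP address.

```python
import ipaddress
import re

# Constructed sample .htaccess: the rules from this page, with the
# page's placeholder address left in the allow line.
SAMPLE = """\
# BEGIN WordPress
RewriteEngine On
RewriteRule . /index.php [L]
# END WordPress
# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
allow from 123.56.789.111
</Files>
"""

def audit_htaccess(text):
    """Return a list of findings about the xmlrpc.php rules in an .htaccess."""
    findings, in_wp, scope, protected = [], False, None, False
    for n, raw in enumerate(text.splitlines(), 1):
        low = raw.strip().lower()
        if low.startswith("# begin wordpress"):
            in_wp = True
        elif low.startswith("# end wordpress"):
            in_wp = False
        elif m := re.match(r'<files\s+"?([^">]+)"?\s*>', low):
            scope = m.group(1).strip()
            if in_wp:  # WordPress regenerates everything between its markers
                findings.append(f"line {n}: <Files> block is inside the WordPress markers")
        elif low.startswith("</files"):
            scope = None
        elif re.match(r"deny\s+from\s+all", low):
            if scope is None:  # unscoped: applies to every request, not just xmlrpc.php
                findings.append(f"line {n}: 'deny from all' outside <Files> blocks the whole site")
            elif scope == "xmlrpc.php":
                protected = True
        elif m := re.match(r"allow\s+from\s+(\S+)", low):
            try:  # this check accepts only a full IP or CIDR range
                ipaddress.ip_network(m.group(1), strict=False)
            except ValueError:
                findings.append(f"line {n}: '{m.group(1)}' is not a literal IP address or CIDR range")
    if not protected:
        findings.append("no 'deny from all' scoped to xmlrpc.php")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_htaccess(SAMPLE)) or "no findings")
```

On the sample it flags only the placeholder address, which is the reminder to replace it with your own IP.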
That's it! If you need any help with managing your WordPress website, feel free to comment or contact us.