Stop XML-RPC Attacks

Description

Stop XML-RPC Attacks protects your WordPress site from XML-RPC brute force attacks, DDoS attempts, and reconnaissance probes while maintaining compatibility with essential services like Jetpack and WooCommerce.

Features:

  • Three security modes: Full Disable, Guest Disable, or Selective Blocking
  • Blocks dangerous methods: system.multicall, pingback.ping, and more
  • Compatible with Jetpack and WooCommerce
  • Optional user enumeration blocking
  • Attack logging for monitoring
  • Zero configuration required – works out of the box
  • Clean, intuitive admin interface

Installation

  1. Upload the plugin files to /wp-content/plugins/stop-xmlrpc-attacks/
  2. Activate the plugin through the ‘Plugins’ menu in WordPress
  3. Go to Settings > XML-RPC Security to configure (optional)

FAQ

Will this break Jetpack?

No! The default « Selective Blocking » mode is fully compatible with Jetpack and WooCommerce.

What’s the difference between the security modes?

  • Full Disable: Maximum security, disables XML-RPC completely
  • Guest Disable: Balanced approach, only allows XML-RPC for logged-in users
  • Selective Blocking: Best compatibility, only blocks dangerous methods

How do I enable logging?

Go to Settings > XML-RPC Security and check « Enable Attack Logging ». Logs will be written to your debug.log file when WP_DEBUG is enabled.

Avis

21 février 2022
It works silently in the background. This is the only security plugin I use, since a W***fence update broke my site about a year back. Gives me a peace of mind.
Lire les 4 avis

Contributeurs/contributrices & développeurs/développeuses

« Stop XML-RPC Attacks » est un logiciel libre. Les personnes suivantes ont contribué à cette extension.

Contributeurs

“Stop XML-RPC Attacks” a été traduit dans 2 locales. Remerciez l’équipe de traduction pour ses contributions.

Traduisez « Stop XML-RPC Attacks » dans votre langue.

Le développement vous intéresse ?

Parcourir le code, consulter le SVN dépôt, ou s’inscrire au journal de développement par RSS.

Journal des modifications

2.0.0

  • Added admin interface with visual settings
  • Three security modes to choose from
  • Optional attack logging
  • Improved code quality and security
  • Full internationalization support

1.0.1

  • Initial release
  • Basic blocking of dangerous methods