Stop XML-RPC Attacks

Beskrivning

Stop XML-RPC Attacks protects your WordPress site from XML-RPC brute force attacks, DDoS attempts, and reconnaissance probes while maintaining compatibility with essential services like Jetpack and WooCommerce.

Features:

Three security modes: Full Disable, Guest Disable, or Selective Blocking
Blocks dangerous methods: system.multicall, pingback.ping, and more
Compatible with Jetpack and WooCommerce
Optional user enumeration blocking
Attack logging for monitoring
Zero configuration required – works out of the box
Clean, intuitive admin interface

Installation

Upload the plugin files to /wp-content/plugins/stop-xmlrpc-attacks/
Activate the plugin through the ’Plugins’ menu in WordPress
Go to Settings > XML-RPC Security to configure (optional)

Vanliga frågor

Will this break Jetpack?

No! The default ”Selective Blocking” mode is fully compatible with Jetpack and WooCommerce.

What’s the difference between the security modes?

Full Disable: Maximum security, disables XML-RPC completely
Guest Disable: Balanced approach, only allows XML-RPC for logged-in users
Selective Blocking: Best compatibility, only blocks dangerous methods

How do I enable logging?

Go to Settings > XML-RPC Security and check ”Enable Attack Logging”. Logs will be written to your debug.log file when WP_DEBUG is enabled.

Recensioner

Anonymous User 16344271 24 september 2022 1 svar

Nice plugin thanks

Sandip Roy 21 februari 2022

It works silently in the background. This is the only security plugin I use, since a W***fence update broke my site about a year back. Gives me a peace of mind.