After reviewing my logs, I’ve decided to block one of the most abused vectors for attacks on my WordPress blog: WordPress’ xmlrpc.php file. Since I’m already using a reverse proxy, and I don’t really like going the plugin route for such a simple block, I just added the following code to my Nginx config to block all access:

location = /xmlrpc.php {
	deny all;
}

Logging onto my dashboard this morning, I’m pleased to find that attempts have gone to 0 on my WordPress installation. Just a simple change can have a huge impact on WordPress security.
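
The same result can be confirmed from the Nginx side by checking the access log. The script below is an added example, not part of the original post: it assumes the default "combined" log format, and the sample lines and the function name summarize_xmlrpc are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Nginx default "combined" log format (assumed; adjust if log_format is customized).
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (documentation IP ranges), not real traffic.
# The first two predate the block; the rest were logged after it.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:06:12:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 413 "-" "constructed-agent"
203.0.113.7 - - [10/Mar/2024:06:12:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 413 "-" "constructed-agent"
198.51.100.23 - - [11/Mar/2024:09:30:44 +0000] "POST /xmlrpc.php HTTP/1.1" 403 162 "-" "constructed-agent"
198.51.100.23 - - [11/Mar/2024:09:30:45 +0000] "GET /xmlrpc.php?rsd HTTP/1.1" 403 162 "-" "constructed-agent"
192.0.2.50 - - [11/Mar/2024:09:31:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2210 "-" "constructed-agent"
this line is malformed and must be skipped
"""

def summarize_xmlrpc(log_text):
    """Count /xmlrpc.php requests by status and list those Nginx did not deny."""
    by_status = Counter()
    by_ip = Counter()
    not_denied = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        # Compare the path only: "location =" matches the URI without the query string.
        if urlsplit(m["target"]).path != "/xmlrpc.php":
            continue
        status = int(m["status"])
        by_status[status] += 1
        by_ip[m["ip"]] += 1
        if status != 403:  # "deny all" answers with 403 Forbidden
            not_denied.append((m["time"], m["ip"], m["method"], status))
    return by_status, by_ip, not_denied

if __name__ == "__main__":
    by_status, by_ip, not_denied = summarize_xmlrpc(SAMPLE_LOG)
    print("status counts:", dict(by_status))
    print("top clients:", by_ip.most_common(3))
    for entry in not_denied:
        print("not denied:", entry)
```

Once the location block is live, every new /xmlrpc.php entry should carry status 403; any other status after that point means the request was served by a config that does not include the block.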

