How to securely use xmlrpc

I like to post an article to wordpress through Byword or Ulysses. And those tools use wordpress’s xmlrpc.php.

By the way if you use xmlrpc.php with your own server , you might face up to infinite attacks which target xmlrpc.php. And I horribly experience it.

If you want to independently operate your wordpress blog on your own server , I recommend to block xmlrpc.php access from anonymous users with the code below.

<FilesMatch "xmlrpc.php

order deny,allow
deny from all
allow from [Your IP address] // Allow the only your ip address

Put the code above into your .htaccess file in the root folder of wordpress.

Leave a Reply