XML RPC Vulnerability

Looks like this poor little blog was victim of a recent spate of WordPress hack attacks, using the xmlrpc.php file (used for implementing access to the wordpress functionality from remote clients). My Apache logs are freakin stuffed with tens of thousands of POSTs to this url, which apparently can cause the server to bork.

.htaccess updated to block it, plus the feature is now disabled. And WordPress updated. Let’s see how we go now..

Leave a Reply

Your email address will not be published. Required fields are marked *