MainWP Blog

Protecting Child Sites From XML-RPC Brute Force Attacks
MainWP How To's
Sebastian Moran

Protecting Child Sites From XML-RPC Brute Force Attacks

WordPress in its core has a function called XML-RPC, which a limited number of plugins still use like Jetpack. More plugins used to use it when the only method would have been to use the XML-RPC. Most plugins now use the WordPress REST API to connect to a site to pull data from it, by either read or write access. XML-RPC is still targeted for brute force attacks on WordPress sites. A number of CDNs like Cloudflare and Sucuri will protect XML-RPC by default. Cloudflare even offers an easy way to redirect XML-RPC to the home page of a site

Sebastian Moran January 21, 2019 2 Comments

Administrators Love MainWP

MainWP was the best thing I found 8 years ago when I started my company in WordPress support. It saves me so much time managing the updates of the websites of my clients. The MainWP... Read More...

Jos Klever

Owner at Jos Klever Web Support

MainWP has hands down saved hours of time updating plugins and themes for different websites my business manages. I love how it can be installed on a WP install and then allow me to group sites, install... Read More...

Alessio Rigoli

Business Owner/Entrepreneur at AGR Technology

Simply a fantastic tool. It saves countless hours updating and managing WordPress sites with a friendly and easy-to-use user interface. The free version is excellent, and the extensions... Read More...

Alex Tester

Owner at Smooth Media Ltd

Read more MainWP Testimonials

MainWP Affiliate Disclosure: Some of the links contained in the post or pages are “affiliate links.” This means if you click on the link and purchase or subscribe to a recommended item, We will receive an affiliate commission. We only recommend products or services we believe have value to MainWP users and readers. This is disclosed in accordance with the Federal Trade Commission’s 16 CFR, Part 255: “Guides Concerning the Use of Endorsements and Testimonials in Advertising.
© MainWP - WordPress Management without the SaaS! 2014 - 2024 - Terms of Service - Privacy Policy - Cookie Policy - Support Policy - Refund Policy - MainWP Domain Use - DPA
Facebook Twitter Trello Users

Looking for something?

Search MainWP support and documentation.

Privacy laws apply to businesses that collect personal information. Since no personal information is collected by the MainWP plugins, no privacy laws apply to the MainWP plugins. This includes GDPR, UK DPA 2018, PIPEDA, Australia Privacy Act 1988, LGPD, PIPL, and other privacy laws.
Donata Stroink-Skillrud
Donata Stroink-Skillrud
President of Agency Attorneys

Your Download Is Just One Click Away

…or just download the plugin.

By entering your email, you agree to our Terms of Service and Privacy Policy.