XMLRPC.PHP

XMLRPC.PHP

If you found this page through non-malicious means, chances are you are trying to figure out why you are receiving an unusually large volume of traffic to this file and are trying to fix it.

XMLRPC.PHP is a file that allows for other services to interface with your WordPress installation for automatic updates, such as with plugins or content. Sounds great in theory but, not so much in practice. Certain segments of the Internet being as they are, quickly moved to turn this feature into an exploit. If you aren’t comfortable with modifying the core site code on the server end, the best solution to stopping brute force XMLRPC attacks would be to search for one of the top plugins and defer to its recommendations for securing this hole. As plugins can change over time, I would recommend using the rank system and reviewing user feedback to determine which one is best at the time you are reading this.