#2 way hackers hack WordPress - Disable XMLRPC in WordPress

Рет қаралды 1,549

3 ай бұрын

Did you know 4.7 million WordPress sites are hacked every year? Don't be a hackers favorite target, In this video you will learn the number #2 way hackers get into WordPress sites and how to stop them!
Grab your free 11-Point WordPress Security Checklist PDF: wplearninglab.com/get/wordpre...
Always backup your site just in case (or use a staging site), here's how: • WPvivid Backup, Stagin...
Join our private Facebook group today! / wplearninglab
//*
Here are 20+ reasons why I host all my sites with SiteGround: wplearninglab.com/siteground-...
//*
Post videos of your WordPress success using the hashtag #WPLLCommunity!
Get on the Unofficial Ultimate Guide To Elementor course waiting list here (no obligation): elementor.convertri.com/eleme...
Here's the link for Elementor Pro (aff): wplearninglab.com/recommends/...
I hope this information helps you! If you have any questions leave a comment below or ping me @WPLearningLab on Twitter.
WP Learning Lab Channel: kzfaq.info_c...

Пікірлер: 23

@wplearninglab 16 күн бұрын

# BEGIN Disable XML-RPC.PHP Order Deny,Allow Deny from all # END Disable XML-RPC.PHP

@osvaldowesly9993 2 ай бұрын

Outstanding and excellent educational video Bjorn. All of your tutorial videos are truly outstanding.

@wplearninglab 2 ай бұрын

Thanks Osvaldo and thanks for watching!

@visualmodo 2 ай бұрын

Thanks for your video!

@wplearninglab 2 ай бұрын

You're welcome Visual, thanks for watching! Let me know if you have any questions :)

@sethmillz 2 ай бұрын

Thanks for this

@wplearninglab 2 ай бұрын

You're welcome, thanks for watching! Let me know if you have any questions :)

@randbaldwin 3 ай бұрын

Early in the video I saw you had Wordfence. Why did you edit the htaccess file to disable xmlrpc instead of just choosing the setting in Wordfence to disable it?

@wplearninglab 3 ай бұрын

Hi Rand, good question! In my videos I like to show different ways to do the same thing. For example, some people like to use plugins and others don't, so I like to show how to do the same thing with or without a plugin. I don't use Wordfence much anymore because it uses a lot of resources and can slow websites down. I don't think it's on any of my sites at the moment actually. Did you see residue Wordfence code in the .htaccess file? And even though I don't use Wordfence for the reason above, I'll still make a video for it in the future because other people may not be worried about the resources usage. Or their hosting is so fast it compensates for Wordfence.

@raghavgakhar09 23 күн бұрын

hi, need your help -- I added this code in htaccess.. nd it says "forbidden to access htaccess"

@wplearninglab 16 күн бұрын

Did it give you that message before your after you added the code?

@marianadegraftdickson2586 3 ай бұрын

Hi, It's okey to disable from the .htaccess and with plugin too, is doble effective of it doesn't matter.

@wplearninglab 3 ай бұрын

Hi Mariana, disabling the XMLRPC.php file from both .htaccess and using a plugin wouldn't break anything, but you don't need to do both. Just one or the other. I hope that helps, thanks for watching!

@raghavgakhar09 23 күн бұрын

where is that code to disable xml rpc? I checked all comments, didn't find.

@wplearninglab 16 күн бұрын

Thanks for letting me know! I've added it to the pinned comment and I'll paste it here: # BEGIN Disable XML-RPC.PHP (left pointy bracket)Files xmlrpc.php(right pointy bracket) Order Deny,Allow Deny from all (left pointy bracket)/Files(right pointy bracket) # END Disable XML-RPC.PHP And sorry for the delay. I'm still trying figure out my summer holiday work schedule!

@j8o437nqcr7b 3 ай бұрын

Hey Bjorn. Why is your video unlisted? Anyway, I took a look at my logs and found out that most of the attacks are xmlrpc based on one of my websites. Over 560 log reports and majority is xmlrpc related. After switching my log in page and getting blackhole for bad bots as stated in your other video. I then shut them down using this method. Already i can say that with the hiding of the log in page I've seen a decrease in login attempts. Will give feedback after getting enough data on disabling the xlmrpc file. Thanks again for the video

@wplearninglab 3 ай бұрын

Nice work! It just takes a few little tweaks to make a big difference in regards to website security. Why is this video unlisted? It's complicated, haha. I often record, edit and upload videos in bulk and I often make several related videos at the same time and link them together by referencing other videos from each video. This video, which I haven't scheduled to be published yet, is referenced by other videos that have published over the past few week. By keeping it set to unlisted, this video can be watched when some gets to it from another video. But as soon as this video is scheduled for future publishing, it's set to "private" by KZfaq and can't be watched until it's published. I would prefer to schedule everything in advance and have it be a little more "hands-off", but then it's bad experience for anyone who tries to watch a video that is scheduled and not yet published. I hope KZfaq changes that somehow in the near future :)

@j8o437nqcr7b 3 ай бұрын

@@wplearninglab Good Day Bjorn! Thanks again for the video. And ah, I understand regarding the unlisted video. This sounds like a quite a bit of work. I came back also to give you feedback on your advice in the videos. I gave myself a few days so that I can analyse the result of the adjustments. Just for context: I use hostinger Firstly. CPU usage is down as well as memory usage, I haven't had any faults that occurred in the past couple of days Secondly. I haven't had any xmlrpc attacks ever since I set this up. What I have noticed is that they don't give up and will try to spam your comments in your blogposts. I'm about to watch your video on akismet, a plugin that I have blatantly ignored to my own peril lol Thanks again Bjorn. I've subscribed and clicked the bell icon.