Cyber Security Vulnerability

  • Our local authority Cyber Security department have sent me the following email:

    We found an active XMLRPC.php file at the root of your site. Numerous vulnerabilities have been associated with XML-RPC and in most cases sites do not require the remote access functionality that it provides.

    If your site does not use XML-RPC then we suggest:
    • Restricting access to the XMLRPC.php file by amending the .htaccess file.
    • Referring to your relevant site documentation on how to remove it.
    If your site requires XML-RPC then we suggest only allowing access to it from specific listed IP addresses.

    I’m afraid I don’t fully understand this – we use the website mainly to present information – there are only a few members of staff who can log in as admin to update it.

    Could you advise (in plain English please!) what the file they refer to does and what the impact would be of removing it. Also are you able to remove it please?

    I look forward to hearing from you,

    Rachel Bell (Headteacher)

    WP.com: Yes
    Correct account: Yes

    The blog I need help with is: (visible only to moderators and staff)

  • Hi there, XML-RPC is not a security risk, and blocking or removing XML-RPC is not an excellent solution for fighting security risks. Instead, it’s akin to selling your car because you don’t want it to be stolen.

    Your site’s XML-RPC file is like a communication gateway to your site. Some features here, the WordPress Mobile Apps, and other plugins and services will use this file to communicate to your site. If this is blocked, you will have different issues pop up down the road for the same reasons.

    Please let us know if you have any more questions!
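
The two options in the quoted email, written out as an added example (not part of the thread and not WordPress.com's own configuration). It assumes a self-hosted WordPress site on Apache 2.4 where `.htaccess` overrides are permitted; the IP addresses and hostname are constructed documentation placeholders.

```apache
# .htaccess in the site root, next to xmlrpc.php (WordPress ships the file
# with a lowercase name). Use ONE of the two options, not both.

# Before: no rule for the file, so any client on the internet can POST to it.

# Option 1: the site does not use XML-RPC.
# Every request to the file is refused with 403 Forbidden. The file stays
# on disk, so WordPress core updates do not recreate or "repair" anything.
<Files "xmlrpc.php">
    Require all denied
</Files>

# Option 2: the site needs XML-RPC (mobile apps, remote publishing, plugins
# that call back into the site). Only the listed sources are let through;
# several Require lines at this level are OR-ed together.
# Placeholder addresses from the RFC 5737 documentation ranges:
#
# <Files "xmlrpc.php">
#     Require ip 192.0.2.10
#     Require ip 198.51.100.0/24
# </Files>

# Check from a machine that is NOT on the allow list (placeholder hostname):
#   curl -s -o /dev/null -w '%{http_code}\n' -X POST https://example.org/xmlrpc.php
# A 403 means the rule is active. A 500 usually means the server does not
# allow Require in .htaccess (AllowOverride lacks AuthConfig).
```

With either option in place, anything that talks to the site through this file from an unlisted address stops working, which is the trade-off the reply above describes.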

  • The topic ‘Cyber Security Vulnerability’ is closed to new replies.