XMLRPC.php failed login | WordPress.org

Resolved samuelmarcinko
(@samuelmarcinko)

5 years, 5 months ago
Hello. I want to ask a question. I’m receiving a WordFence emails and notifications that someone tried to login. Full message is:

`Dongguan, China attempted a failed login using an invalid username “[login]”. https://test.etilog.com/xmlrpc.php
9. 10. 2020 8:08:44 (32 minutes ago)
IP: 149.129.52.21 Hostname: 149.129.52.21
Human/Bot: Human
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0 `

I’ve got about 100 requests from different IP addresses and countries.
I blocked XMLRPC.php using .htaccess by adding
```
# Deny access to xmlrpc.php file
<files xmlrpc.php>
order allow,deny
deny from all
</files>
```
But I’m still receiving notifications about failed attempt. How can I fix that ? Or blocking using .htaccess above is enought ? Thank you for help

Here you can see attempts in WordFence
https://prnt.sc/uvxihy
- This topic was modified 5 years, 5 months ago by samuelmarcinko.
The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)

Plugin Support wfpeter
(@wfpeter)

5 years, 5 months ago

Hi @samuelmarcinko, thank-you for contacting us over this and letting us know that you’ve already made the .htaccess change.

Access to that page may have been allowed for other reasons. Commonly, the WordPress app if you have 2FA or ReCAPTCHA enabled and the Jetpack plugin amongst other services do require access to XML-RPC. As a result of this, it is a common route to be tried as you can see from the attempts screenshot you included. Do you think any of those are the case with your site?

If you haven’t already, from Wordfence > Login Security > Settings you can tick the box for Disable XML-RPC authentication and let me know if the login attempts cease.

Thanks,

Peter.

Thread Starter samuelmarcinko
(@samuelmarcinko)

5 years, 5 months ago

I tried to install Disable XML-RPC plugin and it look that attempts for login are fixed. I didn’t see any new attempts for login

Plugin Support wfpeter
(@wfpeter)

5 years, 5 months ago

Hi @samuelmarcinko, that’s great news!

If you ever have any other queries about Wordfence in the future, please open a new topic and we’ll be glad to help you.

Peter.

xsiv
(@xsiv)

5 years, 5 months ago

You can set the security to xmp-rpc in file manager to 0000
i think that should work

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘XMLRPC.php failed login’ is closed to new replies.

Tags

4 replies
3 participants
Last reply from: xsiv
Last activity: 5 years, 5 months ago
Status: resolved