Quick tip for BBQ Pro users. You may have heard about the various ways that bad actors can attack the WordPress
xmlrpc.php file. Here are a couple of examples for those who may be unfamiliar. To help protect against
xmlrpc.php attacks, you can add a simple rule to BBQ Pro’s custom firewall patterns. This tutorial explains how to do it in 10 seconds or less.
xmlrpc.phpfile. In my experience most sites never use it, but there are exceptions. If in doubt, do some research: there are tons of posts about “WordPress xml-rpc” out there, as well as the official xml-rpc documentation at the WordPress Codex.
Protect against xml-rpc attacks
Here are the steps to block all requests for the WordPress
- Visit the BBQ Pro settings and enable “Custom Rules”
- Visit the BBQ Pro Custom Firewall rules
- In the “Request URI” section, click “Add Pattern”
- Enter “xmlrpc.php” and save changes
After saving the changes, you can test that the file is blocked from all access by clicking the “Test” button next to the firewall rule.