Xmlrpc.php


#1

EE does not seem to have any nginx location configs for xmlrpc attacks, any suggestions on how best to deal with these?


#2

For anyone who wants to prevent the xmlrpc Brute Force Attack, you can simply deny all access to the file via nginx:

location = /xmlrpc.php {
    deny all;
}

Warning: this will prevent some third party services (valutpress) from working.


#3

@datagroove

Nice one, also you can delete xmlrpc.php if not needed.


#4

Hello @datagroove

It’s been a long time, and we haven’t heard from you. It looks like your issue is resolved.

I am closing this support topic for now. Feel free to create a new support topic if you have any queries further. :slight_smile:


#5