
I am using WordPress for a very high traffic website. The log of php5-fpm shows that the xmlrpc.php file is executing too slowly.

```
[03-May-2016 16:47:32] WARNING: [pool www] child 17754, script '/var/www/html/test/xmlrpc.php' (request: "POST /xmlrpc.php") executing too slow (10.292389 sec), logging
```

I disabled the xmlrpc function from the functions.php file by adding a filter:

```php
add_filter('xmlrpc_enabled', '__return_false');
```

But it doesn't work. The warning is still appearing. I think some bot or IP is hitting it. So, how can I find which IP is requesting the xmlrpc.php file so that I can disable it?

uvishere
  • If you're using NGINX - in `nginx.conf` change the format to include `$http_x_forwarded_for - $remote_user [$time_local] ` – ʰᵈˑ May 03 '16 at 11:10
  • Could you please elaborate that? – uvishere May 03 '16 at 11:44
  • Be careful! I got my WordPress hacked last week because of an xmlrpc exploit. You may add the "Wordfence" plugin to protect your website, and see "real time traffic". I had a POST request on xmlrpc every 30 mins from random countries, and before protecting it, they managed to add advertisement content to my header... – Random May 03 '16 at 11:48

1 Answer


Looks like there are no action hooks we can use when a client makes a request to xmlrpc.php. But we can use wp-config.php.

Try this in your wp-config.php file:

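```php
// Best-guess client address. HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR come from
// request headers and can be set by the client; REMOTE_ADDR is the actual peer.
function wpse37002439_get_ip_address() {
  if ( !empty($_SERVER['HTTP_CLIENT_IP']) ) {
    $ip = $_SERVER['HTTP_CLIENT_IP'];
  } elseif( !empty($_SERVER['HTTP_X_FORWARDED_FOR']) ) {
    $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
  } else {
    $ip = $_SERVER['REMOTE_ADDR'];
  }
  return $ip;
}

// xmlrpc.php defines XMLRPC_REQUEST before it loads wp-config.php,
// so this block only runs for XML-RPC requests.
if ( defined('XMLRPC_REQUEST') ) {
  $ip = wpse37002439_get_ip_address();
  // Log both values so a header-supplied address can be compared with the peer.
  $content = '[' . date('Y-m-d H:i:s', $_SERVER['REQUEST_TIME'])
             . '] [CAPTURED IP: ' . $ip . '] [REMOTE_ADDR: ' . $_SERVER['REMOTE_ADDR'] . "] \n";
  // LOCK_EX keeps concurrent requests from interleaving their lines.
  file_put_contents(__DIR__.'/wp-content/xmlrpc_access.log', $content, FILE_APPEND | LOCK_EX);
}
```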

Make sure the xmlrpc_access.log file is available. You can change it on your own.

I strongly recommend taking a look at this topic.

wpclevel
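Once the snippet in the answer above has written some entries, the log can be summarized per source address. The following Python script is an added example, not part of the original answer; it assumes the line format that snippet produces, and the sample lines are constructed with documentation-range addresses.

```python
import re
from collections import defaultdict
from datetime import datetime

# Line format written by the wp-config.php snippet in the answer above.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\] "
    r"\[CAPTURED IP: (?P<captured>[^\]]*)\] "
    r"\[REMOTE_ADDR: (?P<remote>[^\]]*)\]"
)

# Constructed sample entries (not real traffic), including one malformed line.
SAMPLE = [
    "[2016-05-03 16:47:22] [CAPTURED IP: 203.0.113.7] [REMOTE_ADDR: 203.0.113.7] ",
    "[2016-05-03 16:47:25] [CAPTURED IP: 10.0.0.1] [REMOTE_ADDR: 203.0.113.7] ",
    "[2016-05-03 16:47:31] [CAPTURED IP: 203.0.113.7] [REMOTE_ADDR: 203.0.113.7] ",
    "[2016-05-03 16:50:02] [CAPTURED IP: 198.51.100.20] [REMOTE_ADDR: 198.51.100.20] ",
    "garbage line",
]

def summarize(lines):
    """Group hits by REMOTE_ADDR, the socket peer, which request headers cannot change."""
    stats = defaultdict(lambda: {"hits": 0, "first": None, "last": None, "claimed": set()})
    skipped = 0
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        s = stats[m["remote"]]
        s["hits"] += 1
        s["first"] = ts if s["first"] is None else min(s["first"], ts)
        s["last"] = ts if s["last"] is None else max(s["last"], ts)
        if m["captured"] != m["remote"]:
            # Header-supplied value differs from the peer: a proxy hop or a spoofed header.
            s["claimed"].add(m["captured"])
    return dict(stats), skipped

def top_sources(stats, n=5):
    """Return the n peers with the most xmlrpc.php requests, busiest first."""
    return sorted(stats.items(), key=lambda kv: kv[1]["hits"], reverse=True)[:n]

if __name__ == "__main__":
    stats, skipped = summarize(SAMPLE)
    for ip, s in top_sources(stats):
        print(f"{ip}: {s['hits']} hits, {s['first']} to {s['last']}, header-claimed: {sorted(s['claimed'])}")
    print(f"unparsed lines: {skipped}")
```

To run it against the real file, pass `open('wp-content/xmlrpc_access.log')` to `summarize` instead of `SAMPLE`. If the site sits behind a reverse proxy, every REMOTE_ADDR will be the proxy's address, and the header-claimed values are the only client hint available.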