1

I'm using WordPress now, and today I found out that my xmlrpc.php file is enabled. Now I want to disable it, but what I do below doesn't work:

<Files xmlrpc.php>
    Order Deny,Allow
    Deny from all
</Files>

Actually, this doesn't work for any *.php files. But if the file name doesn't end with .php, it works:

<Files "test.txt">
    Order Deny,Allow
    Deny from all
</Files>

This is my .htaccess file, and I tried writing it in httpd.conf too, with the same result:

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
</IfModule>
<Files xmlrpc.php>
    Order Deny,Allow
    Deny from all
</Files>
<Files "php_test.php">
    Order Deny,Allow
    Deny from all
</Files>
<Files "test.txt">
    Order Deny,Allow
    Deny from all
</Files>

test.txt

I got this when I visited test.txt on my server. But for php_test.php I got this picture:

php_test.php

I have tried many ways to solve this. Now I need help. Thank you, guys.

  • I tried your `htaccess` file, but it works – Parth Chavda May 18 '16 at 12:24
  • http://www.inmotionhosting.com/support/website/wordpress/disable-xml-rpc-requests Like this, how does it work? Thanks – weizhengxing May 18 '16 at 12:26
  • @Parth Chavda Are there any other settings that cause this problem? – weizhengxing May 18 '16 at 12:29
  • Yes, it works for core PHP as well as WordPress – Parth Chavda May 18 '16 at 12:29
  • Maybe this will help you: https://wordpress.org/support/topic/xmlrpcphp-attack-on-wordpress-38 – Parth Chavda May 18 '16 at 12:32
  • @ParthChavda Backing up and deleting this file, or adding "add_filter('xmlrpc_enabled', '__return_false');" in wp-config.php, can solve this. But what I want to know is why only .php files don't work with the tag. Could you please help me some more? Is there any setting that affects this? My English is not good enough to look through what you have given me so fast. – weizhengxing May 18 '16 at 12:40

2 Answers

0

I have an alternative solution: put the code below in a site-related plugin.

add_filter('xmlrpc_enabled', '__return_false');
Parth Chavda
  • Yes, thank you, I found this a little earlier. But why doesn't the tag work with my .php files? Do you know? Thanks – weizhengxing May 18 '16 at 12:43
  • Which server did you use? – Parth Chavda May 18 '16 at 12:44
  • Have you enabled rewrite mode? @weizhengxing Because on my site it works great – Parth Chavda May 18 '16 at 12:45
  • Apache. Sure, I enabled it. Now I'm going to use my virtual machine and try to find what's different. Hope it will be helpful. – weizhengxing May 18 '16 at 12:50
  • Simply, I added " Order Deny,Allow Deny from all" in httpd.conf on my virtual machine, and it works. But I still don't know what's wrong with my server. – weizhengxing May 18 '16 at 12:58
  • http://stackoverflow.com/questions/12202387/htaccess-not-working-apache @weizhengxing – Parth Chavda May 18 '16 at 13:02
  • Hello, today I found this: I use php-fpm in my Apache server. When I comment out "ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:10000/yjdata/www/wordpress/$1" in the "" tag and try it again, it works. Now what should I do to disable access to .php files? Many thanks. I mean in the config files. Sure, it can be done using a regular expression. I'm a stubborn guy. – weizhengxing May 19 '16 at 03:00
  • I found the same question here: http://serverfault.com/questions/618954/apache-2-4-php-fpm-proxypassmatch-and-access-restriction – weizhengxing May 19 '16 at 04:06
  • @weizhengxing You have found the proper solution. Please put your answer here and accept it... this will also help others. – Parth Chavda May 19 '16 at 04:45
0

@Parth Chavda

ProxyPass /xmlrpc.php !

Put the code above in front of the code below in the `<VirtualHost *:80>` tag:

ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:10000/yjdata/www/wordpress/$1

Then try to visit http://www.yourdomin.com/xmlrpc.php, and you get this:

Forbidden

You don't have permission to access /xmlrpc.php on this server

This problem got fixed. Thanks for the help from Parth Chavda.
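
The cause found in the comments (`ProxyPassMatch` hands `.php` requests to php-fpm, so the `<Files>` deny is never evaluated) and the `ProxyPass /xmlrpc.php !` fix can be checked mechanically. This is an added example, not code from the original posts: `SAMPLE_CONF` is constructed, `shadowed_files` is a hypothetical helper, and it assumes the named files sit in the document root.

```python
import re

# Constructed sample vhost config (not the asker's real file): xmlrpc.php is
# excluded from proxying before ProxyPassMatch, php_test.php is not.
SAMPLE_CONF = r"""
<VirtualHost *:80>
    ProxyPass /xmlrpc.php !
    ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:10000/yjdata/www/wordpress/$1
    <Files xmlrpc.php>
        Order Deny,Allow
        Deny from all
    </Files>
    <Files "php_test.php">
        Order Deny,Allow
        Deny from all
    </Files>
    <Files "test.txt">
        Order Deny,Allow
        Deny from all
    </Files>
</VirtualHost>
"""

def shadowed_files(conf):
    """Return names in <Files> blocks whose requests a ProxyPassMatch rule
    hands to the backend before any 'ProxyPass <path> !' exclusion applies."""
    rules = []   # proxy rules in config order: ("exclude", prefix) or ("match", regex)
    names = []   # file names taken from <Files ...> sections
    for raw in conf.splitlines():
        line = raw.strip()
        m = re.match(r'<Files\s+"?([^">]+)"?\s*>', line, re.I)
        if m:
            names.append(m.group(1))
            continue
        parts = line.split()
        if len(parts) >= 3 and parts[0].lower() == "proxypass" and parts[2] == "!":
            rules.append(("exclude", parts[1]))
        elif len(parts) >= 3 and parts[0].lower() == "proxypassmatch" and parts[2] != "!":
            rules.append(("match", re.compile(parts[1])))
    shadowed = []
    for name in names:
        url = "/" + name          # assumption: the file is in the document root
        for kind, rule in rules:  # rules are checked in configuration order
            if kind == "exclude" and url.startswith(rule):
                break             # not proxied, so the <Files> deny is evaluated
            if kind == "match" and rule.search(url):
                shadowed.append(name)
                break
    return shadowed
```

On the sample it reports only `php_test.php`; moving the `ProxyPass ... !` line below `ProxyPassMatch`, or deleting it, makes `xmlrpc.php` appear in the result as well.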