Saturday, 2 August 2014

WordPress xmlrpc vulnerability

There are four ways that WP's XML-RPC API could be abused by an attacker:

Intel gathering — an attacker may probe for specific ports on hosts in the target's internal network
Port scanning — an attacker may port-scan hosts in the internal network
DoS attacks — an attacker may direct pingbacks from a large number of sites at a single victim to mount a DoS attack
Router hacking — an attacker may reconfigure an internal router on the network
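All four abuses arrive as the same kind of request: a pingback.ping call whose sourceURI WordPress fetches on the caller's behalf. The Python below is an added example, not code from the original post; it parses such a request body and flags source URIs that point at non-global addresses or non-web ports, which is what a WAF rule or log-review script would look for. The function names and the sample request are assumed/constructed.

```python
import ipaddress
from urllib.parse import urlsplit
from xml.etree import ElementTree as ET

# Ports a legitimate pingback source is normally served from.
WEB_PORTS = {80, 443}

def parse_method_call(body):
    """Return (methodName, [string params]) from an XML-RPC <methodCall> body."""
    # XML-RPC bodies are attacker-supplied; in production parse with defusedxml.
    root = ET.fromstring(body)
    if root.tag != "methodCall":
        raise ValueError("not an XML-RPC methodCall")
    method = (root.findtext("methodName") or "").strip()
    params = []
    for value in root.findall("./params/param/value"):
        child = value.find("string")  # typed <string>, or untyped <value> text
        params.append(((child if child is not None else value).text or "").strip())
    return method, params

def pingback_risk(body):
    """Reasons a pingback.ping call looks like internal probing; [] if benign."""
    method, params = parse_method_call(body)
    if method != "pingback.ping" or len(params) < 2:
        return []
    source = urlsplit(params[0])  # sourceURI: the URL WordPress will fetch
    reasons = []
    if source.scheme not in ("http", "https"):
        reasons.append("non-http-scheme")
    try:
        addr = ipaddress.ip_address(source.hostname or "")
    except ValueError:
        addr = None  # hostname, not a literal: resolve and re-check before trusting
    if addr is not None and not addr.is_global:
        reasons.append("private-address")  # RFC 1918, loopback, link-local, ...
    port = source.port or (443 if source.scheme == "https" else 80)
    if port not in WEB_PORTS:
        reasons.append("unusual-port")
    return reasons

def pingback_body(source_uri, target_uri):
    """Build a constructed pingback.ping request (sample input, not captured traffic)."""
    return ('<?xml version="1.0"?><methodCall><methodName>pingback.ping</methodName>'
            f"<params><param><value><string>{source_uri}</string></value></param>"
            f"<param><value><string>{target_uri}</string></value></param></params></methodCall>")

if __name__ == "__main__":
    print(pingback_risk(pingback_body("http://192.168.1.1:8080/", "http://blog.example.com/?p=1")))
```

A hostname rather than an IP literal is deliberately not judged here: it must be resolved (and the resolved address checked the same way) before the request is trusted.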

Possible workarounds:

1. If you aren't using the XML-RPC functionality for anything, add the lines below to .htaccess to protect against any vulnerabilities in it:

# protect xmlrpc
<IfModule mod_alias.c>
RedirectMatch 403 /xmlrpc.php
</IfModule>

----------------------------------------------
2. To redirect requests for xmlrpc.php to a custom page, replace the RedirectMatch with a Redirect like so:

# protect xmlrpc
<IfModule mod_alias.c>
Redirect 301 /xmlrpc.php http://example.com/custom-page.php
</IfModule>

----------------------------------------------
3. Deny all access to xmlrpc.php:

# protect xmlrpc
<Files xmlrpc.php>
Order Deny,Allow
Deny from all
</Files>

----------------------------------------------
4. Allow access to xmlrpc.php for specific IP addresses only:

# protect xmlrpc
<Files xmlrpc.php>
Order Deny,Allow
Deny from all
Allow from <IP>
Allow from <IP>
</Files>
