You are Just awesome... You are helping so many novice WordPress user's like myself to protect their site from hacker.Thank you Sir and Respect.
@wplearninglab7 жыл бұрын
You're welcome. I'm glad that you get value from these videos. Thanks for watching!
@tinapetrovicz97415 жыл бұрын
Thank you! Super easy fix. Way better than banning IP's or hosts trying to hack.
@wplearninglab5 жыл бұрын
You're welcome Tina, thanks for watching! Let me know if you have any questions :)
@kreaturesden44659 жыл бұрын
So does this work or not? How can I test if its working correctly? I've done exactly as you've instructed in this video.. however I'm concerned others in your comment section are saying it doesn't work.
@hermesmercuriustrismegistu48413 жыл бұрын
I tried the method of htacess and that of including a filter in functions.php of the theme and the plug-in that disable xmlrpc nothing is working!! Every time i put website_address/xmlrpc.php I get the message “XML-RPC server accepts POST requests only” why nothing is taking effect. Even I installed wordfence.
@aileqadinusaq9 жыл бұрын
Hi, ot doesnt work. I past your code, but when i go scfwca.gov.az/xmlrpc.php always say XML-RPC server accepts POST requests only. Please help me . What can i do?
@infoDecor1018 жыл бұрын
Have a important question : Previosly, i have added "Wp config.php " code , into htaccess file , do we have to post it right below the previous codes ? or new htaccess file ?
@DanZL15 жыл бұрын
Does it make a difference in which directory the htaccess files exists? Mine is not in the root directory where your is but in local host. Should I move it?
@wplearninglab5 жыл бұрын
Each directory on your site can have its own htaccess file. The one I'm editing and working with in all my tutorials so far is in the root. You can simply create a new one in the root and add code to it. You probably shouldn't move the one you found because it may have rules in it for the directory it's in. I hope that helps and thanks for watching! Let me know if you have any further information please :)
@DanZL15 жыл бұрын
Watching all your security .htaccess videos as this is any first time on WP and it's scary reading all the hacking and website break comments. Plus I also read that the website can break when a plugin updates. Not a very stable platform?
@wplearninglab5 жыл бұрын
It's quite stable and secure. The trouble is that WordPress is the most used CMS on the internet, so it's a large target for hackers. The other trouble is that anyone can create a plugin or theme for WordPress. They may not be the best coders and their plugins can break sites. Usually, if you uninstall the plugin at fault the site is fixed. There are also plugin conflicts sometimes, even among well-coded plugins. If you go with a more structure platform like Wix or SquareSpace you'll have less of these issues, but also way less freedom to do what you want with your site. It's a trade-off.
@DanZL15 жыл бұрын
@@wplearninglab Thanks for the reply. So why doesn't WP vett every plugin before it goes live to protect its users like all the app stores. Otherwise any TDH can create a malicious plugin and mess everyone up. Isn't there a plugin approval process before it goes live? Or perhaps a third party service that validates the plugin for compatability? Plus I am sure WP has Minimum requirements and standards that must be met for plugin developers? I have used SS extensively and it's pretty awesome but has limited functionality. Certainly not for creating a career board.
@cgsouq3dmodels4 жыл бұрын
Dear you have amazing skills and i learn alot from your videos, can you please make a video on "WP Cerber Security" thanks
@wplearninglab9 жыл бұрын
[VIDEO] Disable WordPress XMLRPC.PHP - Common brute force hacker exploit kzbin.info/www/bejne/jZqskq1jftBmqqc #WordPress #tutorial
@andrewmartin85654 жыл бұрын
Very good. Thank you.
@wplearninglab4 жыл бұрын
You’re welcome Andrew, thanks for watching!
@iSohaibKhan Жыл бұрын
What if we're using nginx server? The code would still work or we have to write other line of codes according to the server selection?
@JacopoSergioCardia9 жыл бұрын
Hi i find your tutorial very useful for my studies but i need more help on a php file can you help me?
@wplearninglab9 жыл бұрын
+Jacopo Sergio Cardia I can try, which PHP file do you need help with?
@imranhaa5 жыл бұрын
Hi I wanted to know if this will work for my issue. Some people can access my website, some people can't and it comes up with the message post request message. If I do this, will it work? I've only just launched my business and this is driving me crazy!
@optionbinarie5 жыл бұрын
Great video... I have a slightly different problem. When I access my website with www it loads fine but when I use the version without www I get an error that says : XML-RPC server accepts POST requests only. Any idea how to fix this? I have searched for hours but I can't find a solution
@wplearninglab5 жыл бұрын
Hi Olivier, I haven't encountered that issue before. You could redirecting the non-www version of your site to the www version. Which is what you want to do anyway. It's not good for SEO to have your site loading for both www and non-www. Here's a tutorial that will help with the redirect: kzbin.info/www/bejne/aHrWnoiam7ycpas It's a band-aid for the problem, but after doing this you may never encounter that problem again.
@optionbinarie5 жыл бұрын
Thanks for taking the time and reply. The site is already rediredcting but there is an error that is causing this and after hours and hours of troubleshooting I found that this error was caused by a plugin (swift performance). After disabling it and removing the code it left behind everything went back to normal and the site works now fine. I have the exact same setup with same theme and plugins on a different host and everything works fine. I have also tried the plugin on a differet site and same host and it works so the host doesn't seem to be the issue. Seems there is a conflict or maybe php problem or something, but I can't find it.... I know this is advaced but do you maybe have any advice ?
@MrFelipeowen8 жыл бұрын
On WP 4.5+ this file is called xmlrpc.php. At least that's what it is on my installs.
@adikarama41616 жыл бұрын
should I delete the XMLRPC.PHP file?
@comparetrainer65265 жыл бұрын
I tried this code but it stops my login to wordpress
@bharatk67907 жыл бұрын
My site is down and it's showing this error "The server encountered an internal error or misconfiguration and was unable to complete your request."
@wplearninglab7 жыл бұрын
+d Kard Did this happen after you made some changes? If so, undo the changes and it should come back immediately.
@bharatk67907 жыл бұрын
I just got rid of it and installed the ithemes security plugin.
@wplearninglab7 жыл бұрын
+d Kard Good work and good choice, the iThemes security plugin is great.
@bharatk67907 жыл бұрын
Thx
@rodrigocaugusto8 жыл бұрын
Hello, when I insert the code in my .htaccess 500 error appears on my website. you can tell why? thank you
@StevePringle8 жыл бұрын
If you copy and paste from the video without changing (left pointy bracket) and (left pointy bracket) to < and >, then that is the cause. I would paste into Notepad then into your .htaccess file to see if you have additional characters.
@tangodigitalsystems6 жыл бұрын
it does helped me today, and I subscribed immediately and turned on the post notification, I never knew my ass was on fire since until today I saw the xml-rpc.php in my source code and tested it and it was left on, I forgot to get rid of it when I install SEO plugin.
@wplearninglab6 жыл бұрын
Thanks for the sub! Much appreciated! There's a lot we don't know about website security until we know it :)
@caglargulucan Жыл бұрын
Thank you!
@mrigankabarooah41634 жыл бұрын
How do i enable it for jetpack publicize?
@OnlinebijobberDktue9 жыл бұрын
Didn't work. The hacker does still go to the url (/xmlrpc.php) like 10 times a sec.
@wplearninglab9 жыл бұрын
Tue Lindblad (Onlinebijobber) Could you share your URL so that I can take a look? Are you seeing the hacker accessing that file through your server logs?
@OnlinebijobberDktue9 жыл бұрын
Yes, through the server log. The site is onlinebijobber.dk Thank you
@wplearninglab9 жыл бұрын
Tue Lindblad (Onlinebijobber) Hi Tue. I was born not far south of Danmark (10 minutes from Dusseldorf, Germany). You're website and videos look great, good work! I'll take a serious look at your XMLRPC issue soon. It's Canada Day here, so we're in full celebration mode for the rest of the week.
@OnlinebijobberDktue9 жыл бұрын
Awesome. Thank good i found you on KZbin :) - Tue
@smorfnimda4 жыл бұрын
I just blocked it using Wordfence
@wplearninglab4 жыл бұрын
Yep, that's another way to do it. Some people prefer to use as few plugins as possible. This is an option for them.
@cgsouq3dmodels4 жыл бұрын
yeah i want to know also where is that option to disable it? thanks
@FameFanTV7 жыл бұрын
the coding dosent work man it gives an error in the server !!!
@wplearninglab7 жыл бұрын
+dino seiko Hey Dino, you probably didn't replace parts you needed before you saved the htaccess. Unfortunately, KZbin doesn't allow the pointy brackets (Shift period and Shift comma) in the descriptions. But they do allow then in the comments oddly enough. The code below should work: # BEGIN Disable XML-RPC.PHP Order Deny,Allow Deny from all # END Disable XML-RPC.PHP
@FameFanTV7 жыл бұрын
ok thanks i will try again !
@wplearninglab7 жыл бұрын
+dino seiko You're welcome, let me know how it goes!
@MagaaloNet8 жыл бұрын
i don't need to Disable Word Press XMLRPC.PHP....i just delete XMLRPC.PHP file from word press simple
@Hobbitstomper5 жыл бұрын
Keep in mind, deleting a core wordpress file is never a good idea, as certain other core files might include the file internally (though it's probably not used, but just included), which then leads to errors or even a complete shutdown of the website. Also, each time you update WordPress, the file will be restored.
@richardgenck26925 жыл бұрын
Can I just delete the file?
@BeyondTshirts9 жыл бұрын
Cool! Thanks!
@wplearninglab9 жыл бұрын
workwithksmusselman No problem. Glad you liked it!
@michaela55865 жыл бұрын
So many Russian bot attacks me.
@wplearninglab5 жыл бұрын
Yeah, they're pretty active. If they're attacking your login page you can try moving it using this method: kzbin.info/www/bejne/pmjUqYamqb-cnJI I hope that helps and thanks for watching!
@michaela55865 жыл бұрын
@@wplearninglab Thanks, I'll look at it.
@wplearninglab5 жыл бұрын
Sounds good, let me know if it helps. Here are two other tutorials that may help depending on what the boys are doing. 1. Blocking bad bot traffic: kzbin.info/www/bejne/Znykq3p6fdZgZ68 2. Hiding WP footprint: kzbin.info/www/bejne/hnvWpXSLaJmGorM
@michaela55865 жыл бұрын
@@wplearninglab I'll look at both of those too, thank you!