If XMLRPC is enabled, it can serve as a gateway for Brute Force DDoS attacks, so it is advisable to disable this feature if it is not necessary. In WordPress, you can easily stop XMLRPC by adding a code snippet to the .htaccess file. While using a plugin is also an option, it is not necessary for such a simple functionality.
# BEGIN protect xmlrpc.php
<files xmlrpc.php>
order allow,deny
deny from all
</files>
# END protect xmlrpc.phpBy default, Cloudways disables XMLRPC at the application level. If you need to enable the XMLRPC feature, you can follow the instructions below.
If you are planning to create a basic website or blog, Bluehost is a cost-effective web hosting option worth considering. However, for websites that demand high speed, cater to a large audience, or are critical for businesses, it is recommended to opt for services like Cloudways, which provide faster performance. When you sign up for Cloudways, you can take advantage of a 15% discount by using the promo code WPCAFE15 and enjoy three days of free usage.
Cloudways: Enabling/Disabling XMLRPC
When hosting WordPress on Cloudways, an international cloud hosting provider, you may encounter errors when attempting tasks such as automated posting using the XMLRPC feature. In such cases, please check if XML-RPC is not disabled.
To enable XMLRPC on Cloudways, first select the respective application on the Applications page.
From the Application Management screen, select Application Settings.
Scroll down and switch the XMLRPC ACCESS option from Disable to Enable. (The above image shows the Disable state.)
Once this option is changed to Enable, XMLRPC access will be allowed.
Setting XMLRPC access only for specific IP addresses
When allowing XMLRPC access, there is a risk of attacks like DDoS. It is preferable to restrict access to only specific IP addresses rather than allowing access to everyone.
Connect via SFTP and open the .htaccess file, then add the following lines:
# Deny the access of xmlrpc.php
<FilesMatch "xmlrpc\.php">
order deny,allow
Deny from all
Allow from 123.123.1.2
</FilesMatch>Please replace the IP address with the desired address that should be allowed. You can find your computer's IP address by searching "my IP address" on Google. Multiple IP addresses can be allowed.
Although it may require some effort, you can choose to enable this feature on Cloudways only when needed and disable it once the task is completed. This approach can be considered if the use of XMLRPC is infrequent. However, if it is frequent, you can enable XMLRPC using the above method and add code to the .htaccess file to allow only your IP address to access XMLRPC.