Disabling XML-RPC

If you have been reading this blog for a while, you have probably realized that onMason, like many WordPress blogs, has been under constant attack by hackers for quite some time. We’ve had brute force login attacks and comment spam problems (between April 2014 and June 2014). However, I like to think that we’ve done a decent job mitigating those attacks.

The latest thing that the hackers are trying to do is to exploit the XML-RPC interface. WordPress uses the XML-RPC interface to handle Pingbacks and allow remote publishing programs like the WordPress mobile app and Windows Live Writer to work.

To mitigate this latest attack, we are disabling the XML-RPC interface since almost no users actually use either Pingbacks or remote publishing programs.
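
One way to switch off both XML-RPC features named above (remote publishing and Pingbacks) from inside WordPress, shown as an added example and not onMason's actual configuration, which this post does not describe. The file path `wp-content/mu-plugins/disable-xmlrpc.php` is an assumption; the hooks are standard WordPress filters.

```php
<?php
/**
 * Added example: must-use plugin that disables XML-RPC features.
 * Assumed location: wp-content/mu-plugins/disable-xmlrpc.php
 * (must-use plugins load automatically and cannot be deactivated
 * from the dashboard).
 */

// Turn off every XML-RPC method that requires a username and password.
// This is what breaks remote publishing clients such as the WordPress
// mobile app and Windows Live Writer.
add_filter( 'xmlrpc_enabled', '__return_false' );

// The filter above does not cover methods that need no login, so the
// Pingback handlers have to be removed from the method table explicitly.
add_filter( 'xmlrpc_methods', function ( $methods ) {
    unset(
        $methods['pingback.ping'],
        $methods['pingback.extensions.getPingbacks']
    );
    return $methods;
} );

// Report pings as closed on every post so themes and core stop
// accepting or displaying new Pingbacks.
add_filter( 'pings_open', '__return_false' );

// Stop advertising the endpoint: drop the X-Pingback response header
// and the RSD discovery link from the page <head>.
add_filter( 'wp_headers', function ( $headers ) {
    unset( $headers['X-Pingback'] );
    return $headers;
} );
remove_action( 'wp_head', 'rsd_link' );
```

With this in place, requests to `xmlrpc.php` still reach PHP and get an error response, so they continue to cost server resources. Denying the file at the web server is the stricter option when no client needs it.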



