Stop XML-RPC Attack

Blocks all access to your xmlrpc.php, except from Jetpack and Automattic. The plugin polls ARIN for Automattic's subnets and updates your .htaccess.

Author: alfreddatakillen (profile at wordpress.org)
WordPress version required: 4.0
WordPress version tested: 4.1
Plugin version: 1.0.3
Added to WordPress repository: 28-01-2015
Last updated: 28-01-2015
Warning! This plugin has not been updated in over 2 years. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.
Rating, %: 88
Rated by: 8
Plugin URI: http://wordpress.org/extend/plugins/stop-xmlr...
Total downloads: 13 763
Active installs: 4 000+

Do you get a lot of brute-force attacks, DoS/DDoS and spam targeting the XML-RPC interface in WordPress? You could just block xmlrpc.php access in your .htaccess file, but that would also cause much of Jetpack to stop functioning as expected. Jetpack is based on two-way communication between your server and Automattic's servers, and that requires your xmlrpc.php to be accessible from Automattic's end.

This WordPress plugin blocks access to xmlrpc.php from everywhere except the Jetpack/Automattic subnets. On a regular basis, the plugin polls ARIN and updates your .htaccess to allow the subnets that belong to AUTOM-93 (which is Automattic, Inc.).
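
The allowlist update described above, as an added Python example (not the plugin's own code): it validates a polled subnet list, renders the `<Files "xmlrpc.php">` block and swaps it into an existing .htaccess without touching other rules. The marker comments, the Apache 2.4 `Require ip` syntax and the sample ranges are assumptions; the ranges are documentation-only addresses, not Automattic's, and fetching the list from ARIN is left out.

```python
import ipaddress
import re

BEGIN = "# BEGIN xmlrpc-allowlist"   # hypothetical marker names
END = "# END xmlrpc-allowlist"

def render_block(cidrs):
    """Build an Apache 2.4 <Files> block that admits only the given networks."""
    # strict=True rejects malformed entries and ones with host bits set
    nets = [ipaddress.ip_network(c.strip(), strict=True) for c in cidrs]
    if not nets:
        # An empty poll result must never replace a working allowlist.
        raise ValueError("refusing to write an empty allowlist")
    merged = []
    for version in (4, 6):  # collapse_addresses cannot mix address families
        merged += ipaddress.collapse_addresses(
            n for n in nets if n.version == version)
    lines = [BEGIN, '<Files "xmlrpc.php">']
    # Several Require lines in one section are OR-ed (implicit RequireAny).
    lines += [f"    Require ip {n}" for n in merged]
    lines += ["</Files>", END]
    return "\n".join(lines)

def update_htaccess(text, cidrs):
    """Replace the managed block in place, or prepend it on first run."""
    block = render_block(cidrs)  # raises before anything is modified
    managed = re.compile(re.escape(BEGIN) + r".*?" + re.escape(END), re.S)
    if managed.search(text):
        return managed.sub(lambda m: block, text, count=1)
    return block + "\n\n" + text

# Constructed sample input: documentation-only ranges, not Automattic's.
SAMPLE_HTACCESS = "# BEGIN WordPress\nRewriteEngine On\n# END WordPress\n"
SAMPLE_CIDRS = ["192.0.2.0/25", "192.0.2.128/25", "2001:db8::/32"]

if __name__ == "__main__":
    print(update_htaccess(SAMPLE_HTACCESS, SAMPLE_CIDRS))
```

Because validation runs before any text is changed, a failed or garbled poll leaves the previous allowlist in place instead of locking Jetpack out.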