Bobcares

block xmlrpc in cloudflare

by | Oct 18, 2022

Let, us take a closer look and learn in detail how to block xmlrpc in Cloudflare within a few simple steps put forward by Server management support services at Bobcares.

Steps to block WordPress XMLRPC using Cloudflare

block xmlrpc in cloudflare

All free CloudFlare plans come with 5 firewall rules, so there is no cost to you for creating the following rule:

  1. Firstly, we must connect to Cloudflare and pick the domain we wish to manage.
  2. Choose ‘Firewall’ from the main menu.
  3. To create a Firewall rule, click the button.
  4. Give the new rule a name – anything goes.
  5. Now we need to develop rules to match XML-RPC-specific requests as the next step to block xmlrpc in Cloudflare:

    1: Field: URI Path

    2:Operator: contains

    3:Value: /xmlrpc.php

  6. We can also include the following rule, although it is not essential. Aside from the first rule we made, click the “And” button (not the “Or” one!). You’re in big trouble if we click ‘Or.’

    1: Field: Request Method

    2:Operator: equals

    3:Value: POST

  7. Then we must decide which action CloudFlare will take. We recommend selecting ‘Block.’
  8. Then click the ‘Save and Deploy’ button.

And that’s it; XML-RPC queries to the WordPress site will be intercepted and banned before they reach the WordPress site thereby blocking xmlrpc in Cloudflare.

Please keep in mind that Cloudflare is a strong technology, and implementing the Firewall blocking rule wrong may disrupt normal site access. If anything unusual or broken occurs as a result of this, we can erase the rule we just made and return the site to normal.

Block XML RPC in WordPress using CloudFlare’s firewall

We can block xmlrpc in Cloudflare. The WordPress /xmlrpc.php code has a lengthy history of brute-force attacks. Using a.htaccess rule, we can (and probably should) disable this on the website.

This terminates the requests but consumes server resources to check and deny them. If we have Cloudflare, we can disable it at the firewall, which means the web server is never even contacted for the request.

So, once we have  changed the .htaccess to include the following command line to complete the process:

Files xmlrpc.php
order deny,allow
deny from all
Files

We should additionally create the following Cloudflare firewall rule:

  • Rule Name: Block XML RPC (xmlrpc.php)
  • Field: URI Path
  • Operator: contains
  • Value: xmlrpc.php
  • Then…: Block

Alternatively, using the expression editor, enter (http.request.uri.path contains “xmlrpc.php”). To make the rule live, press “DEPLOY,” and then test it using the following:

/xmlrpc.php

and

//xmlrpc.php

This second item is a typical attempt to circumvent blocking rules.

[Need assistance with similar queries? We are here to help]

Conclusion

To conclude we have b ow learned how to block xmlrpc in Cloudflare using Cloudflare’s firewall in a few simple steps with the support of our Server management support Services at Bibcres.

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

GET STARTED

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Never again lose customers to poor
server speed! Let us help you.