
What Is xmlrpc.php?
XML-RPC is a remote procedure call (RPC) protocol, a feature included in WordPress, which enables data to be transmitted. It uses HTTP as the transport mechanism, and XML to encode its calls.
Unless you use remote technologies and mobile applications to update your WordPress site, you might not be familiar with XML-RPC. For the uninitiated, you can use xmlrpc.php to establish a remote connection to WordPress, and make updates to your site without directly logging in to your WordPress system.
XML-RPC is indeed useful for enabling remote connections between various external applications and WordPress. On the other hand, disabling this feature can help improve your site’s security.
Why Should You Disable xmlrpc.php?
The problem is that xmlrpc.php poses a security risk. It creates an additional access point to your site, which could leave it vulnerable to external attacks. Every time you authenticate over XML-RPC, you need to supply your username and password. As you can imagine, this isn’t exactly ideal for security purposes.
For example, in order to prevent brute force attacks, you can limit login attempts on your WordPress site. However, with XML-RPC enabled, that limit does not exist. There is no cap on login attempts, which means it’s only a matter of time before a determined cybercriminal gains access.
By disabling the feature, you are closing a potential area of entry for hackers.
XML-RPC functionality has been turned on by default since WordPress 3.5. This plugin completely disables the XML-RPC API, which can be abused by hackers on a WordPress site, and provides a simple way to disable or enable it.
Requirements
WordPress 3.8.1 or higher.
