I saw that some sites were talking about WordPress vulnerabilities; they were right, and it made me a bit worried too. Today I will show you a simple but very effective way to protect your sites by closing two weak points found in WordPress.
Alright, I found that two files were browsable, and that was not good news. I had to take a step to stop it, and now you will learn what I did.
Which are those two files?
I was able to browse those two files simply by typing the following into the address bar of my browser: https://novicecamp.com/xmlrpc.php or https://novicecamp.com/readme.html.
Attackers could easily gather information from those two files and try to do harm. I want to make them “access denied” for everyone. There are plugins available to do that, but I will do it manually here, and it is very easy for anyone. Please follow along.
I will simply add the following lines at the bottom of my .htaccess file from cPanel, save it, and then leave cPanel.
Please copy this code and paste it into your .htaccess file.
<files xmlrpc.php>
Order Allow,Deny
Deny from all
</files>
<files readme.html>
Order Allow,Deny
Deny from all
</files>
Note: I have already talked a bit about the .htaccess file (where it is and how to edit it). Please read “Prevent username enumeration in WordPress” before you proceed.
Yes, I have done the things mentioned above, and now I will type https://novicecamp.com/readme.html and then https://novicecamp.com/xmlrpc.php into the address bar of any browser. Really! It shows “access denied”. So please make your xmlrpc.php and readme.html “access denied” as well.
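Before testing in the browser, you can check that the saved .htaccess really contains a deny-all block for each of the two files. The script below is an added example, not code from the original post; the names `audit_htaccess`, `denies_everyone` and `SAMPLE` are hypothetical, the sample file content is constructed, and the check goes slightly beyond the post by also accepting the Apache 2.4 form `Require all denied`.

```python
import re

# The two files this page locks down.
TARGETS = ("xmlrpc.php", "readme.html")

# A <Files name> ... </Files> section; Apache directive names are case-insensitive.
FILES_BLOCK = re.compile(
    r'<files\s+"?([^">\s]+)"?\s*>(.*?)</files\s*>', re.IGNORECASE | re.DOTALL)

def denies_everyone(body):
    """True if the section body refuses all clients (2.2-style or 2.4-style)."""
    # Apache reads one directive per line, so each line is compared as a whole:
    # a block pasted as a single long line is deliberately not counted.
    lines = [" ".join(l.split()).lower() for l in body.splitlines()
             if not l.lstrip().startswith("#")]
    if "require all denied" in lines:            # Apache 2.4 syntax
        return True
    has_deny = "deny from all" in lines          # syntax used on this page
    # Conservative: any "Allow from" line is treated as a possible exception.
    has_allow = any(l.startswith("allow from") for l in lines)
    return has_deny and not has_allow

def audit_htaccess(text):
    """Return {filename: bool}: does each target have a deny-all block?"""
    result = {name: False for name in TARGETS}
    for name, body in FILES_BLOCK.findall(text):
        if name.lower() in result and denies_everyone(body):
            result[name.lower()] = True
    return result

# Constructed sample .htaccess content (not taken from a real site).
SAMPLE = """\
# BEGIN WordPress
RewriteEngine On
# END WordPress
<files xmlrpc.php>
Order Allow,Deny
Deny from all
</files>
<Files "readme.html">
Require all denied
</Files>
"""

if __name__ == "__main__":
    for name, ok in audit_htaccess(SAMPLE).items():
        print(f"{name}: {'blocked' if ok else 'NOT blocked'}")
```

To check a real file, read it into a string and pass it to `audit_htaccess`; any file reported as not blocked needs its block added or split onto separate lines.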
All the best.