
Change permissions

Posted: Sun Jan 05, 2025 6:37 am
by rifathasan
Typically, files in the root directory of a WordPress site have permissions of 644, which means that the files are readable and writable by the file owner, readable by users in the group that owns the file, and readable by everyone else. According to the WordPress documentation, the permissions on wp-config.php should be set to 440 or 400 to prevent other users on the server from reading it. You can easily change this using your FTP client.

wp-config.php permissions
On some hosting platforms, permissions may be different because the user who manages the web server does not have write access to the files. If you are unsure, contact your hosting provider.

Disable XML-RPC
XML-RPC has become an increasingly large target for brute-force attacks in recent years. As Sucuri points out, one of the hidden features of XML-RPC is that you can use the system.multicall method to execute multiple methods within a single request. This is very useful because it allows an application to pass multiple commands within a single HTTP request. But there are also times when this method is used for malicious purposes. There are a few WordPress plugins, like Jetpack, that rely on XML-RPC, but most people don't need it and it can be useful to simply disable access to it. Not sure if XML-RPC is working on your site? Danilo Ercoli from the Automattic team wrote a small tool called XML-RPC Validator. You can run your WordPress site through it to check if it has XML-RPC enabled. If not, you'll see a failure message, as shown in the image below from the Kinsta blog.
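
For the file permissions covered in the first part of the post, here is an added example (not part of the original post) for hosts where you have shell access instead of only FTP. It lists files in the WordPress root that are looser than 644 and tightens wp-config.php to 440 or 400; the function names and the script name in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): audit a WordPress root against
# the modes the post cites: 644 for ordinary files, 440 or 400 for wp-config.php.

# Print a file's octal permission bits (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed when octal mode $1 grants no permission bit that octal mode $2 lacks.
mode_within() {
    [ $(( 0$1 & ~0$2 & 07777 )) -eq 0 ]
}

# List regular files directly under root $1 whose mode exceeds 644
# (for example group- or world-writable, or executable files).
audit_root() {
    for f in "$1"/* "$1"/.[!.]*; do
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        m=$(file_mode "$f")
        mode_within "$m" 644 || printf '%s %s\n' "$m" "$f"
    done
}

# Tighten wp-config.php under root $1 to mode $2 (default 440) if it is looser.
# Refuses symlinks so chmod cannot be redirected to another file.
harden_wp_config() {
    cfg="$1/wp-config.php"
    want="${2:-440}"
    if [ -L "$cfg" ] || [ ! -f "$cfg" ]; then
        echo "skip: $cfg is missing or not a regular file" >&2
        return 1
    fi
    have=$(file_mode "$cfg")
    if mode_within "$have" "$want"; then
        echo "ok: $cfg is $have"
    else
        chmod "$want" "$cfg" && echo "fixed: $cfg $have -> $want"
    fi
}

# Usage (hypothetical script name): sh wp-perms.sh /path/to/wordpress [440|400]
if [ "$#" -gt 0 ]; then
    audit_root "$1"
    harden_wp_config "$@"
fi
```

If the site breaks after tightening, the web server user is probably neither the owner nor in the group of wp-config.php, which is the hosting-specific case the post mentions.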