#41601 WordPress XML-RPC Pingback Abuse

Posted in ‘Admin Tools for WordPress’
Environment Information

WordPress version: 6.7.1
PHP version: 8.1.29
Admin Tools version: 1.6.7

Latest post by on Thursday, 20 March 2025 15:17 CDT

doi.admin

Hello,

We're using Qualys to identify critical vulnerabilities and it detected a "WordPress XML-RPC Pingback Abuse" vulnerability on one of our websites.

The "Disable XML-RPC" option is set to "Yes"; however, the issue is still here. Is there an issue with this option? What can we do to resolve that vulnerability?

Thanks !

nicholas
Akeeba Staff
Manager

As documented, when you use the Disable XML-RPC option in Admin Tools the xmlrpc.php file is accessible but ALWAYS returns HTTP 405 without honouring the command it received, i.e. it is pretending that the authorisation failed. This is by design, to confuse bots. Guess what? Qualys also uses a bot to evaluate your site, and we confused it too! There is nothing to worry about. What you see is a false positive.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
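
A way to confirm the behaviour described in the reply above on a site you administer, as an added example that is not part of the ticket or of Admin Tools itself: it sends a harmless `system.listMethods` call to xmlrpc.php and reports whether the command was honoured. The function names, the verdict labels and the constructed sample responses are assumptions made for this example; the HTTP 405 status is the one stated in the reply.

```python
import urllib.error
import urllib.request
import xmlrpc.client


def classify(status, body):
    """Decide from one HTTP reply whether XML-RPC honoured the command."""
    answered = "<methodResponse" in body
    if status == 405 and not answered:
        return "blocked"  # endpoint reachable, command not honoured
    if status == 200 and answered and "<fault>" not in body:
        if "pingback.ping" in body:
            return "pingback-exposed"  # the scanner finding would be real
        return "xmlrpc-open-no-pingback"
    return "inconclusive"  # e.g. 403/404 from a WAF, or an XML-RPC fault


def check_xmlrpc(url, timeout=5):
    """POST system.listMethods (read-only) to xmlrpc.php and classify the reply."""
    payload = xmlrpc.client.dumps((), methodname="system.listMethods").encode()
    req = urllib.request.Request(
        url, data=payload, headers={"Content-Type": "text/xml"}
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            status, raw = resp.status, resp.read()
    except urllib.error.HTTPError as err:  # 4xx/5xx arrive as exceptions
        status, raw = err.code, err.read()
    return classify(status, raw.decode("utf-8", "replace"))


# Constructed sample replies (not captured from a real site).
SAMPLE_OPEN = xmlrpc.client.dumps(
    (["system.listMethods", "pingback.ping"],), methodresponse=True
)
SAMPLE_NO_PINGBACK = xmlrpc.client.dumps(
    (["system.listMethods"],), methodresponse=True
)

if __name__ == "__main__":
    import sys
    # Usage: python check_xmlrpc.py https://your-site.example/xmlrpc.php
    print(check_xmlrpc(sys.argv[1]))
```

A `blocked` verdict matches the false positive described in the reply; `pingback-exposed` means the endpoint is answering XML-RPC calls and the scanner finding should be treated as real.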

System Task
system

This ticket has been automatically closed.

All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.