#41601 WordPress XML-RPC Pingback Abuse


Environment Information

WordPress version: 6.7.1
PHP version: 8.1.29
Admin Tools version: 1.6.7

Latest post by nicholas on Tuesday, 18 February 2025 10:07 CST

doi.admin

Hello,

We're using Qualys to identify critical vulnerabilities and it detected a "WordPress XML-RPC Pingback Abuse" vulnerability on one of our websites.

The "Disable XML-RPC" option is set to "Yes"; however, the issue is still here. Is there an issue with this option? What can we do to resolve that vulnerability?

Thanks!

nicholas
Akeeba Staff
Manager

As documented, when you use the Disable XML-RPC option in Admin Tools the xmlrpc.php file is accessible but ALWAYS returns HTTP 405 without honouring the command it received, i.e. it is pretending that the authorisation failed. This is by design, to confuse bots. Guess what? Qualys also uses a bot to evaluate your site, and we confused it too! There is nothing to worry about. What you see is a false positive.

Nicholas K. Dionysopoulos

Lead Developer and Director

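One way to confirm the false positive described in the reply above, as an added example that is not part of the ticket and is not Akeeba's or Qualys's code: send a harmless `system.listMethods` call to your own site's xmlrpc.php and check whether the command is honoured. The function names and result labels are assumptions made for this sketch; the URL is whatever you pass on the command line.

```python
import sys
import urllib.error
import urllib.request
import xmlrpc.client
from xml.parsers.expat import ExpatError


def classify(status, body):
    """Decide from one xmlrpc.php response whether pingback is really exposed."""
    if status != 200:
        # e.g. the HTTP 405 described in the reply: the file answers,
        # but the XML-RPC command was not executed.
        return f"blocked (HTTP {status}, command not honoured)"
    try:
        params, _ = xmlrpc.client.loads(body)
    except xmlrpc.client.Fault as fault:
        return f"blocked (XML-RPC fault {fault.faultCode})"
    except (ExpatError, ValueError, xmlrpc.client.ResponseError):
        return "blocked (HTTP 200 but not an XML-RPC response)"
    methods = params[0] if params and isinstance(params[0], list) else []
    if "pingback.ping" in methods:
        return "exposed (pingback.ping is advertised)"
    return "xmlrpc active, pingback not advertised"


def probe(url, timeout=10):
    """POST system.listMethods to the given xmlrpc.php URL and classify the reply."""
    payload = xmlrpc.client.dumps((), methodname="system.listMethods").encode()
    req = urllib.request.Request(
        url, data=payload, headers={"Content-Type": "text/xml"}
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify(resp.status, resp.read())
    except urllib.error.HTTPError as err:
        # urllib raises on 4xx/5xx; the status and body are still available.
        return classify(err.code, err.read())


if __name__ == "__main__" and len(sys.argv) > 1:
    # Usage: python check_xmlrpc.py https://your-site.example/xmlrpc.php
    print(probe(sys.argv[1]))
```

A "blocked" result alongside a scanner finding suggests the scanner keyed on the file being reachable rather than on the method actually running.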