Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.
Latest post by on Thursday, 20 March 2025 15:17 CDT
Hello,
We'r using Qualys to identify critical vulnerabilities and he detected an "WordPress XML-RPC Pingback Abuse" vulnerabilities on one of our website.
The "Disable XML-RPC" option is on "Yes" and however the issue is still here. Is there an issue with this option ? What can we do to resolve that vulnerabilitie ?
Thanks !
As documented, when you use the Disable XML-RPC option in Admin Tools the xmlrpc.php file is accessible but ALWAYS returns HTTP 405 without honouring the command it received, i.e. it is pretending that the authorisation failed. This is by design, to confuse bots. Guess what? Qualys also uses a bot to evaluate your site, and we confused it too! There is nothing to worry about. What you see is a false positive.
Nicholas K. Dionysopoulos
Lead Developer and Director
🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
This ticket has been automatically closed.
All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.
Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.
Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!