BRUTEFORCE ATTACK ANALYSIS VIA XMLRPC.PHP FILE ON WORDPRESS
DOI: https://doi.org/10.46961/jip.v13i2.1890
Abstract
WordPress provides an XML-RPC feature through the xmlrpc.php file for external communication. However, this feature is often exploited as a brute-force attack vector because it supports system.multicall, which allows multiple login attempts in a single request. This study analyzed brute-force attacks against xmlrpc.php through simulations in a local environment using WPScan and a Python script called lokoscannerX_ver1. Testing was conducted in two scenarios: WordPress without security measures, and WordPress secured with the Disable XML-RPC plugin and an .htaccess file configuration. The results showed that WordPress without security measures was easily attacked, and the attack overloaded the virtual server in the test environment. After the Disable XML-RPC plugin was implemented, attacks were blocked and prevented, while the .htaccess configuration only blocked execution but still allowed user information to be detected. This study emphasizes the importance of disabling XML-RPC as a basic WordPress security measure.
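The batching behaviour described in the abstract can be spotted on the defender's side by inspecting request bodies sent to xmlrpc.php. The following is an added example, not code from the paper: it parses a body with Python's standard xmlrpc.client and flags system.multicall requests that carry more nested calls than a threshold. The threshold, the size cap, the function name and the method name example.checkLogin are assumptions made for illustration.

```python
import xmlrpc.client
from collections import Counter

MAX_BATCHED_CALLS = 5        # assumed threshold; tune to legitimate clients
MAX_BODY_BYTES = 1_000_000   # assumed cap; xmlrpc.client is not a hardened parser


def inspect_xmlrpc_body(body: bytes, limit: int = MAX_BATCHED_CALLS) -> dict:
    """Summarise one POST body sent to xmlrpc.php and flag oversized batches."""
    rejected = {"method": None, "batched": 0, "methods": {}, "suspicious": True}
    if len(body) > MAX_BODY_BYTES:
        return rejected  # do not parse very large bodies at all
    try:
        params, method = xmlrpc.client.loads(body)
    except Exception:
        # Malformed XML or a non-call document: report it instead of passing it.
        return rejected

    batched = Counter()
    if method == "system.multicall" and params and isinstance(params[0], list):
        for call in params[0]:
            # Each batched entry is a struct carrying methodName and params.
            name = call.get("methodName") if isinstance(call, dict) else None
            batched[str(name)] += 1

    total = sum(batched.values())
    return {"method": method, "batched": total,
            "methods": dict(batched), "suspicious": total > limit}


# Constructed sample bodies (not captured traffic). "example.checkLogin" is a
# hypothetical method name standing in for any credential-taking call.
SAMPLE_BATCHED = xmlrpc.client.dumps(
    ([{"methodName": "example.checkLogin", "params": ["user", f"candidate-{i}"]}
      for i in range(8)],),
    methodname="system.multicall",
).encode("utf-8")
SAMPLE_SINGLE = xmlrpc.client.dumps((), methodname="system.listMethods").encode("utf-8")

if __name__ == "__main__":
    for label, body in (("batched", SAMPLE_BATCHED), ("single", SAMPLE_SINGLE)):
        print(label, inspect_xmlrpc_body(body))
```

A single HTTP request can therefore count as many login attempts, which is why per-request rate limits and access-log line counts understate the activity.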
License

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
The Authors submitting a manuscript do so on the understanding that if accepted for publication, copyright of the article shall be assigned to Jurnal Ilmiah Publiprenuer and Politeknik Negeri Media Kreatif, Indonesia as the publisher of the journal.
Copyright encompasses exclusive rights to reproduce and deliver the article in all forms and media, including reprints, photographs, microfilms, and any other similar reproductions, as well as translations. The reproduction of any part of this journal, its storage in databases and its transmission by any form or media, such as electronic, electrostatic and mechanical copies, photocopies, recordings, magnetic media, etc., will be allowed only with written permission from the Jurnal Ilmiah Publiprenuer and Politeknik Negeri Media Kreatif, Indonesia.
The Editorial Team of Jurnal Ilmiah Publiprenuer and Politeknik Negeri Media Kreatif, Indonesia, makes every effort to ensure that no wrong or misleading data, opinions, or statements are published in the journal. In any case, the contents of the articles and advertisements published in the Jurnal Ilmiah Publiprenuer and Politeknik Negeri Media Kreatif are the sole and exclusive responsibility of their respective authors and advertisers.









