LexBlog Sites Protected from Latest WordPress-Reported Security Threat

Yesterday, the WordPress community shared news of a security vulnerability. Without a security fix, self-hosted WordPress sites using XML-RPC protocol could be taken down almost instantly. This news comes as the latest in a series of security vulnerabilities associated with XML-RPC; previously, XML-RPC has been used maliciously in distributed denial of service attacks (DDoS).

Although no instances of LexBlog sites being taken down were reported since this vulnerability was identified, we have taken preventative action in light of this news.

Today we took final steps to fully disable XML-RPC across all of our installations of WordPress. We had previously disabled a portion of this protocol as a security measure and now have fully disabled it. This will continue to limit the ability for our sites to accept third-party applications (e.g. the WordPress mobile app), but we believe security takes priority.

Have more questions? Submit a request


© LexBlog | Terms of Service | Privacy Policy