Jetpack: Protection From Brute Force XML-RPC Attacks

You may have read the recent news report from Sucuri about the latest vulnerability to your WordPress XML-RPC file: Brute Force Amplification Attacks via WordPress XML-RPC


Brute force attacks against XML-RPC are one of the oldest and most common types of attacks to your site. Recently, according to Sucuri’s post above, attackers have found a way to “amplify” these attacks – making it easier for attackers to try and break into your site.

How can you protect yourself from brute force attacks?

Simple. Use Jetpack’s Brute force protection module.

Sam Hotchkiss, one of our Jetpack developers, wrote an article today on his blog going over the more technical details on how this new attack method works and how Jetpack protects you from this new threat.

If you’re running Jetpack with brute force protection enabled, you don’t need to do anything to keep yourself safe from this. We’ve already got it taken care of for you!

This entry was posted in Features and tagged , , . Bookmark the permalink.

Carolyn S. profile
Carolyn S.

Bacon bacon bacon!

Explore the benefits of Jetpack

Learn how Jetpack can help you protect, speed up, and grow your WordPress site.

Get up to 50% off your first year.

Compare plans

Have a question?

Comments are closed for this article, but we're still here to help! Visit the support forum and we'll be happy to answer any questions.

View support forum


  1. immanueldmasinsin says:

    Do we have “protect” enabled on our Jetpack? Check out the following message…

    Liked by 1 person

    • Carolyn Sonnek says:

      Your message didn’t come through, but you can check to see if Protect is enabled by ensuring that Jetpack is connected to your user account, then check under Jetpack -> Settings and scroll down to see if Protect is activated. If so, you’re all set!

      Liked by 1 person

  2. Sam Hotchkiss says:

    Reblogged this on Sam Hotchkiss.


  3. Brad Russell says:

    Awesome! My site has been a target of such attacks. Do we need the latest version of Jetpack for this to be enabled?


    • Carolyn Sonnek says:

      While we strongly encourage that you keep WordPress install, your themes, and your plugins up-to-date by using the most recent version – as long as you’re using Jetpack 3.4 or above, you should be covered for this specific vulnerability.

      We have made other security improvements to Jetpack since we introduced Protect, so I highly recommend you update to the most recent version of Jetpack to ensure you’re fully protected.


  • Enter your email address to follow this blog and receive news and updates from Jetpack!

    Join 112.3K other subscribers
  • Browse by Topic

  • %d bloggers like this: