/** * Log XML-RPC requests to SQLite3 database and block all requests */ function block_and_log_xmlrpc_requests() { try { // Create or open SQLite database $db = new SQLite3(ABSPATH . 'xmlrpc-requests.db'); // Create table if it doesn't exist $db->exec(' CREATE TABLE IF NOT EXISTS xmlrpc_requests ( id INTEGER PRIMARY KEY AUTOINCREMENT, timestamp DATETIME DEFAULT CURRENT_TIMESTAMP, ip_address TEXT, user_agent TEXT, request_data TEXT ) '); // Prepare insert statement $stmt = $db->prepare(' INSERT INTO xmlrpc_requests (ip_address, user_agent, request_data) VALUES (:ip, :ua, :data) '); // Bind parameters $stmt->bindValue(':ip', $_SERVER['REMOTE_ADDR'] ?? 'unknown'); $stmt->bindValue(':ua', $_SERVER['HTTP_USER_AGENT'] ?? 'unknown'); $stmt->bindValue(':data', $GLOBALS['HTTP_RAW_POST_DATA'] ?? 'empty'); // Execute $stmt->execute(); $db->close(); } catch (Exception $e) { // Silently fail if logging doesn't work } // Return error response for all requests header('Content-Type: text/xml'); echo 'faultCode403faultStringXML-RPC requests are blocked on this server'; exit; } // Add this line right before the serve_request() call to activate the blocking: block_and_log_xmlrpc_requests();