Prevent WordPress xmlrpc.php attack

Sometimes you may see too many POST requests to xmlrpc.php in your Apache access log. A large number of hits to xmlrpc.php can slow down your site or even bring it down. The easiest way to fix it is to block such IPs using Apache config directives. Here are quick steps to do it.

First, find the major IPs hitting xmlrpc.php:

$ grep "xmlrpc.php" access_log | awk '{print $1}' | sort | uniq -c | sort -rn

This command will give you the major IPs that are attacking your web sites, with the highest request counts first. To block them, use the following Apache config:

<Location /xmlrpc.php>
   <RequireAll>
      Require all granted
      Require not ip IP1 IP2 ...
   </RequireAll>
</Location>

Note that this works in Apache versions 2.4 and above.
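The two steps above can be combined, as an added example that is not part of the original article: the script counts only POST requests to /xmlrpc.php per client and emits the `<Location>` block for clients at or above a threshold. The function names, the threshold, and the sample log lines (documentation IP ranges, common log format) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample access log (documentation IP ranges, common log format).
sample_log() {
cat <<'EOF'
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370
198.51.100.23 - - [10/Oct/2023:13:55:38 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370
192.0.2.10 - - [10/Oct/2023:13:55:39 +0000] "GET / HTTP/1.1" 200 5120
203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370
198.51.100.23 - - [10/Oct/2023:13:55:41 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370
192.0.2.55 - - [10/Oct/2023:13:55:42 +0000] "GET /xmlrpc.php HTTP/1.1" 405 42
192.0.2.10 - - [10/Oct/2023:13:55:43 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370
198.51.100.23 - - [10/Oct/2023:13:55:44 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370
203.0.113.7 - - [10/Oct/2023:13:55:45 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370
EOF
}

# top_xmlrpc_ips THRESHOLD: read an access log on stdin and print "count ip"
# for every client with at least THRESHOLD POST requests to /xmlrpc.php.
top_xmlrpc_ips() {
  awk -v min="$1" '
    # $6 is the quoted method ("POST), $7 the request path, $1 the client.
    # Only address-shaped values are accepted, since they end up in a config file.
    $6 == "\"POST" && $7 ~ /^\/xmlrpc\.php(\?|$)/ && $1 ~ /^[0-9A-Fa-f:.]+$/ { hits[$1]++ }
    END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
  ' | LC_ALL=C sort -k1,1nr -k2,2
}

# require_block THRESHOLD: emit the article's <Location> block for those IPs.
# Returns 1 and prints nothing when no client reaches the threshold.
require_block() {
  ips=$(top_xmlrpc_ips "$1" | awk '{printf "%s%s", (NR > 1 ? " " : ""), $2}')
  [ -n "$ips" ] || return 1
  printf '<Location /xmlrpc.php>\n   <RequireAll>\n'
  printf '      Require all granted\n      Require not ip %s\n' "$ips"
  printf '   </RequireAll>\n</Location>\n'
}

# Stand-alone run: block clients with 3 or more POSTs in the sample log.
sample_log | require_block 3
```

Review the emitted addresses before placing the block in the Apache config, since a shared proxy or your own monitoring can also exceed the threshold.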
