prevent wordpress xmlrpc.php attack

By | Last updated on

Sometimes you may see too many POST requests to xmlrpc.php in your apache access log. Large number of hits to xmlrpc.php can slow down your site or even bring it down. Easiest way to fix it is to block such IPs using Apache config directives. Here are quick steps to do it.

First find the major IPs hitting xmlrpc.php

$ cat access_log | grep "xmlrpc.php" | awk -F '{print $1}' | sort | uniq -c

This command will give you major IPs which are attacking your web sites. To block these use the following apache config:

<Location /xmlrpc.php>
   <RequireAll>
      Require all granted
      Require not ip IP1 IP2 ...
   </RequireAll>
</Location>

Note that this works in Apache versions 2.4 and above.

Suggested posts:

  1. Block directory access using htaccess 404
  2. Bulk convert jpeg files to png using sips on mac
  3. CSS – inline-block and baseline alignment
  4. PHP sort associative array using custom compare function
  5. How to log page latency and url host in apache log
  6. Disable directory listing in apache
  7. Convert wordpress page to posts and vice versa
  8. Why and how to log Content-Type in apache access log
Share this article: share on facebook share on linkedin tweet this submit to reddit
Posted in | Tagged , , , ,