DDOS attacks on XMLRPC.php (Fixed)

wordpressXMLRPC.php is php file included with wordpress installation, it allows posting of content remotely through supported web blogs to wordpress blog, it provide many other features as well having many pros and cons. As far as web site security is concerned XMLRPC.php file is famous among hackers and attackers.

Most of the wordpress blogs get hits by attackers on XMLRPC.php usually called DDOS attacks. During the attack XMLRPC.php gets many requests and that makes web site goes down with excessive usage of allocated resources. Some web hosting providers suspend those accounts for high resource usage issues.

If you’re one of them, then you should secure your wordpress by following simple step:

Open .htaccess file in any text editor or through cPanel default web code editor, .htaccess file is located in your home directory /public_html or any other where you have installed wordpress.

Now add following below line at the end of .htaccess file, save your file.

RewriteRule ^xmlrpc\.php$ "http\:\/\/0\.0\.0\.0\/" [R=301,L]

And that is all! no more DDOS attacks.

What it does ?
It redirects all the requests made to XMLrpc.php to an invalid IP, so you will not get any more down times or high resource usage alerts.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>