Resolving XMLRPC DDoS WordPress Attack with .htaccess

Brute-force attacks against WordPress have always been very common.
To temporarily stop a brute-force attack that abuses XML-RPC (xmlrpc.php) in WordPress, add one of the following rule sets to your .htaccess file:

Method 1:
# Redirect WordPress xmlrpc.php requests
RewriteEngine On
RewriteRule ^xmlrpc\.php$ "http://0.0.0.0/" [R=301,L]

Method 2:
# Block WordPress xmlrpc.php requests, which cause high CPU load
# Apache 2.2 syntax; on Apache 2.4 it requires mod_access_compat
<Files xmlrpc.php>
order deny,allow
deny from all
# Uncomment and add your IP if required
#allow from 123.123.123.123
</Files>
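
To see which clients are hitting xmlrpc.php and whether either method above has taken effect, the access log can be summarised per IP. This is an added example, not part of the original article: it assumes Apache's "combined" log format, the function names are hypothetical, and the log lines are constructed.

```shell
#!/bin/sh
# Constructed sample lines in Apache "combined" format (documentation IPs).
sample_log() {
cat <<'EOF'
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 674 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 674 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 674 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 674 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:10:05:10 +0000] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:10:05:11 +0000] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Mar/2024:10:06:00 +0000] "POST /xmlrpc.php HTTP/1.1" 301 227 "-" "-"
198.51.100.23 - - [10/Mar/2024:10:06:01 +0000] "POST /xmlrpc.php HTTP/1.1" 301 227 "-" "-"
198.51.100.23 - - [10/Mar/2024:10:06:02 +0000] "POST /xmlrpc.php HTTP/1.1" 301 227 "-" "-"
192.0.2.10 - - [10/Mar/2024:10:07:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Mar/2024:10:07:05 +0000] "POST /xmlrpc.php HTTP/1.1" 200 674 "-" "Mozilla/5.0"
192.0.2.55 - - [10/Mar/2024:10:08:00 +0000] "POST /wp-login.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
EOF
}

# xmlrpc_summary [MIN_HITS] < access.log
# Prints "ip total served not_served" for each client with at least MIN_HITS
# POSTs to xmlrpc.php. served = 2xx responses, not_served = everything else.
xmlrpc_summary() {
    awk -v min="${1:-3}" '
        BEGIN { FS = "\"" }   # $1 = ip/user/time, $2 = request, $3 = status/bytes
        {
            split($2, req, " ")                  # method, path, protocol
            if (req[1] != "POST") next
            path = req[2]; sub(/\?.*/, "", path) # ignore any query string
            if (path !~ /(^|\/)xmlrpc\.php$/) next
            split($1, pre, " ");  ip = pre[1]
            split($3, post, " "); status = post[1]
            total[ip]++
            if (status ~ /^2/) served[ip]++
            else blocked[ip]++
        }
        END {
            for (ip in total)
                if (total[ip] >= min)
                    printf "%s %d %d %d\n", ip, total[ip], served[ip], blocked[ip]
        }' | sort -k2,2nr -k1,1
}

sample_log | xmlrpc_summary 3
```

Once a rule is active, a client's served count stops growing while its not_served count rises: Method 1 shows up as status 301 and Method 2 as 403.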
