Resolving XMLRPC DDoS WordPress Attack with .htaccess

Brute Force Attacks against WordPress have always been very common.
Here is how to temporarily stop a Brute Force Attack exploiting XML-RPC (xmlrpc.php) in WordPress by adding the following code to your .htaccess file:

Method 1:
# Redirect WordPress xmlrpc.php requests
RewriteRule ^xmlrpc\.php$ "http\:\/\/0\.0\.0\.0\/" [R=301,L]

Method 2:
# Block WordPress xmlrpc.php requests - Cause high CPU load
<Files xmlrpc.php>
order deny,allow
deny from all
#allow from 123.123.123.123 # Uncomment and add your IP if required
</Files>

Was this answer helpful?

Also Read

.htaccess RewriteRule Examples

Here are some useful mod_rewrite RewriteRule redirect examples that you can use in your .htaccess...

Secure Joomla with .htaccess

Advanced .htaccess rules that will overall secure and increase the speed of your Joomla...

Protect your WordPress from Brute Force Attacks

Recently, there was a worldwide, highly-distributed Brute Force Attack on WordPress sites....

Speed up WordPress Leveraging Browser Caching via .htaccess

Insert the following code to your .htaccess file to increase the speed of your WordPress website...

Redirect non-www to www over http and https

Use the following .htaccess code to redirect non-www URLs to www over http and https. Create, or...