Resolving XMLRPC DDoS WordPress Attack with .htaccess

Brute Force Attacks against WordPress have always been very common.
Here is how to temporarily stop a Brute Force Attack exploiting XML-RPC (xmlrpc.php) in WordPress by adding the following code to your .htaccess file:

Method 1:
# Redirect WordPress xmlrpc.php requests
RewriteRule ^xmlrpc\.php$ "http\:\/\/0\.0\.0\.0\/" [R=301,L]

Method 2:
# Block WordPress xmlrpc.php requests - Cause high CPU load
<Files xmlrpc.php>
order deny,allow
deny from all
#allow from 123.123.123.123 # Uncomment and add your IP if required
</Files>

Was this answer helpful?

Also Read

Block Bad Bots and Spiders using .htaccess

Below is a useful code block for blocking a lot of the known bad bots and site rippers currently...

.htaccess 301 Redirect Generator

A simple .htaccess 301 redirect generator to be used to create SEO friendly permanent redirects....

.htaccess RewriteRule Examples

Here are some useful mod_rewrite RewriteRule redirect examples that you can use in your .htaccess...

GET/POST Security with .htaccess

Below is a useful code to block out some common exploits for GET/POST values with .htaccessSimply...

Do you support mod_rewrite for apache?

Yes, mod_rewrite is enabled on your server. For more information on what mod_rewrite is and how...