Resolving XMLRPC DDoS WordPress Attack with .htaccess

Brute Force Attacks against WordPress have always been very common.
Here is how to temporarily stop a Brute Force Attack exploiting XML-RPC (xmlrpc.php) in WordPress by adding the following code to your .htaccess file:

Method 1:
# Redirect WordPress xmlrpc.php requests
RewriteRule ^xmlrpc\.php$ "http\:\/\/0\.0\.0\.0\/" [R=301,L]

Method 2:
# Block WordPress xmlrpc.php requests - Cause high CPU load
<Files xmlrpc.php>
order deny,allow
deny from all
#allow from # Uncomment and add your IP if required

Was this answer helpful?

Also Read

GET/POST Security with .htaccess

Below is a useful code to block out some common exploits for GET/POST values with .htaccessSimply...

I cannot Access my Website / Unban IP from Firewall

If you can't access your website and email, this is most likely due to your IP address being...

.htaccess rules to Harden your website’s Security

Below you see a list of the important rules that you can add to your .htaccess file to harden...

Force a Directory to load in HTTPS SSL

Use the following .htaccess code to force a particular directory to load in HTTPS/SSL mode. #...

Block visitors by IP address using .htaccess

Deny access based upon IP address, or an IP block, by placing the following code into your...