Resolving XMLRPC DDoS WordPress Attack with .htaccess

Brute force attacks against WordPress have always been very common.
Here is how to temporarily stop a brute force attack exploiting XML-RPC (xmlrpc.php) in WordPress by adding one of the following code blocks to your .htaccess file:

Method 1:
# Redirect WordPress xmlrpc.php requests
# RewriteRule only takes effect when the rewrite engine is on
RewriteEngine On
RewriteRule ^xmlrpc\.php$ http://0.0.0.0/ [R=301,L]

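Method 2:
# Block WordPress xmlrpc.php requests - these requests cause high CPU load
# order/deny/allow are Apache 2.2 directives; Apache 2.4 needs mod_access_compat
# for them (the native 2.4 form is "Require all denied")
<Files xmlrpc.php>
order deny,allow
deny from all
# Uncomment and add your IP if required
#allow from 123.123.123.123
</Files>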
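To confirm that either method is taking effect, and to find the client IPs behind the requests, you can summarise xmlrpc.php POSTs in the Apache access log. The script below is an added example, not part of the original article; it assumes the Apache combined log format, and the function names and the sample log lines (documentation-range IPs) are constructed for illustration.

```python
import re
from collections import Counter

# Apache combined log format: client, identity, user, [time], "request", status, size, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def xmlrpc_summary(lines):
    """Count POSTs to xmlrpc.php per client IP and per HTTP status."""
    per_ip, per_status = Counter(), Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Drop any query string before comparing the file name.
        path = m["path"].split("?", 1)[0]
        if path.endswith("/xmlrpc.php"):
            per_ip[m["ip"]] += 1
            per_status[m["status"]] += 1
    return per_ip, per_status

def still_reaching_php(per_status):
    """True if any xmlrpc.php POST got a status other than 403 (Method 2's
    deny) or 301 (Method 1's redirect), i.e. the request was not blocked."""
    return any(status not in ("403", "301") for status in per_status)

# Constructed sample: two POSTs before the block was added, two after it,
# plus unrelated traffic that must not be counted.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2023:13:58:01 +0000] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [10/Oct/2023:13:58:02 +0000] "POST //xmlrpc.php?x=1 HTTP/1.1" 403 199 "-" "-"',
    '198.51.100.9 - - [10/Oct/2023:13:58:03 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Oct/2023:13:58:04 +0000] "POST /wp-login.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    per_ip, per_status = xmlrpc_summary(SAMPLE_LOG)
    for ip, count in per_ip.most_common():
        print(f"{ip}\t{count} POSTs to xmlrpc.php")
    print("statuses:", dict(per_status))
    print("requests still reaching PHP:", still_reaching_php(per_status))
```

Run it against log lines written after the .htaccess change: once the block works, every xmlrpc.php POST shows 403 (Method 2) or 301 (Method 1).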
