Resolving XMLRPC DDoS WordPress Attack with .htaccess

Brute Force Attacks against WordPress have always been very common.
Here is how to temporarily stop a Brute Force Attack exploiting XML-RPC (xmlrpc.php) in WordPress by adding the following code to your .htaccess file:

Method 1:
# Redirect WordPress xmlrpc.php requests
RewriteRule ^xmlrpc\.php$ "http\:\/\/0\.0\.0\.0\/" [R=301,L]

Method 2:
# Block WordPress xmlrpc.php requests - Cause high CPU load
<Files xmlrpc.php>
order deny,allow
deny from all
#allow from 123.123.123.123 # Uncomment and add your IP if required
</Files>

Was this answer helpful?

Also Read

Protect your WordPress from Brute Force Attacks

Recently, there was a worldwide, highly-distributed Brute Force Attack on WordPress sites....

Speed up WordPress Leveraging Browser Caching via .htaccess

Insert the following code to your .htaccess file to increase the speed of your WordPress website...

Redirect non-www to www over http and https

Use the following .htaccess code to redirect non-www URLs to www over http and https. Create, or...

.htaccess rules to Harden your website’s Security

Below you see a list of the important rules that you can add to your .htaccess file to harden...

How to Remove Multiple Slashes from URL

You can use this .htaccess rule for removing multiple trailing slashes anywhere in URL:...