Resolving XMLRPC DDoS WordPress Attack with .htaccess

Brute-force attacks against WordPress have always been very common.
To temporarily stop a brute-force attack that abuses XML-RPC (xmlrpc.php) in WordPress, add one of the following rule sets to your .htaccess file:

Method 1:
# Redirect WordPress xmlrpc.php requests
# RewriteEngine On is required unless it is already set earlier in the file
RewriteEngine On
RewriteRule ^xmlrpc\.php$ http://0.0.0.0/ [R=301,L]

Method 2:
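# Block WordPress xmlrpc.php requests, which cause high CPU load
# Order/Deny/Allow is Apache 2.2 syntax; Apache 2.4 needs mod_access_compat for it
<Files xmlrpc.php>
order deny,allow
deny from all
# Uncomment the next line and replace the address with your own IP if required
#allow from 123.123.123.123
</Files>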
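
To confirm that either method is in effect, check the access log for clients that still get a successful response from xmlrpc.php. The Python script below is an added example, not part of the original article; its log lines are constructed, and it assumes Apache's common/combined log format, where Method 1 appears as status 301 and Method 2 as status 403.

```python
import re
from collections import Counter, defaultdict

# Apache common/combined log prefix: client identd user [time] "request" status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+)[^"]*" (\d{3}) ')

# Constructed sample lines (documentation IP ranges), not from a real server.
BEFORE = [
    '203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403',
    '203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403',
    '198.51.100.23 - - [10/Mar/2024:10:00:02 +0000] "POST /xmlrpc.php?x=1 HTTP/1.1" 200 403',
    '192.0.2.10 - - [10/Mar/2024:10:00:03 +0000] "GET /index.php HTTP/1.1" 200 5120',
]
AFTER = [  # Method 2 active, with 192.0.2.10 allow-listed (assumed admin address)
    '203.0.113.7 - - [10/Mar/2024:10:05:00 +0000] "POST /xmlrpc.php HTTP/1.1" 403 199',
    '198.51.100.23 - - [10/Mar/2024:10:05:01 +0000] "POST /xmlrpc.php HTTP/1.1" 403 199',
    '192.0.2.10 - - [10/Mar/2024:10:05:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403',
    'malformed line that the parser must skip',
]

def xmlrpc_status_by_client(lines):
    """Map client IP -> Counter of HTTP status codes for xmlrpc.php requests."""
    hits = defaultdict(Counter)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parsable access-log line
        ip, target, status = m.groups()
        # Drop the query string and compare only the file name, as <Files> does.
        filename = target.split("?", 1)[0].rsplit("/", 1)[-1]
        if filename == "xmlrpc.php":
            hits[ip][int(status)] += 1
    return dict(hits)

def clients_still_served(hits, allowed=()):
    """Clients outside the allow-list that received a 2xx from xmlrpc.php."""
    return sorted(ip for ip, codes in hits.items()
                  if ip not in allowed and any(200 <= c < 300 for c in codes))

if __name__ == "__main__":
    for label, lines in (("before", BEFORE), ("after", AFTER)):
        hits = xmlrpc_status_by_client(lines)
        for ip, codes in sorted(hits.items()):
            print(label, ip, dict(codes))
        print(label, "still served:", clients_still_served(hits, {"192.0.2.10"}))
```

An empty "still served" list after the change means every non-allow-listed request to xmlrpc.php is being redirected or denied before it reaches PHP.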
