Solve the problem of WordPress website being attacked by using xmlrpc.php file

In the past few days, Snail Blog has often experienced monitoring and alarm VPS downtime issues. At first, I thought it was caused by VPS instability (current VPSs also encounter instability problems), and then I saw through the logs that it should be due to instability. It is caused by the WEB being stuck due to attacks and exploits. The reason is that the WORDPRESS program used has xmlrpc.php enabled by default, and it is used for DDOS attacks, resulting in excessive resource usage.

Through the log we can see the following content:

How to solve this problem?

Snail is looking for solutions online. Currently, there are three methods available. The first one is to block the XML-RPC (pingback) function.

add_filter(\\’xmlrpc_enabled\\’, \\’__return_false\\’);

The second method is to block access to the xmlrpc.php file through .htaccess

# protect xmlrpcOrder Deny,AllowDeny from all

The third method is to modify the .htaccess file. If a user accesses the xmlrpc.php file, then let them jump to other pages that do not exist or exist, reducing the burden on their own website.

# protect xmlrpcRedirect 301 /xmlrpc.php http://example.com/custom-page.php

The above are the three methods compiled by Snail to solve the problem of WordPress website being attacked by using xmlrpc.php file. If other friends have better solutions, please share and discuss them.

Recommended site searches: vps host, US host purchase, free asp.net space, domain name registration information query, domain name registration information query vps foreign server, space rental registration number query, Chinese domain name, virtual space host,