Diadem Technologies Support Knowledgebase

Block xmlrpc.php brute force request in Wordpress site

Article ID: 1496
Last updated: 23 Apr, 2022

Block xmlrpc.php brute force request in Wordpress websites

Wordpress websites have xmlrpc requests disabled by default but some sites have it enabled and is being brute forced by hackers. This leads to increased CPU consumption on the server.

To check brute force requests on the server

To check and disable bruteforce attacks on WP sites, check the server status with htop and observe which sites are continuously coming up on the htop results.

Then investigate the access log for the site to confirm if xmlrpc.php is being requested on the site continuously

# cd /var/www/vhosts/system/uniseven.in/statistics/logs

# ll -tal 

Check the log 

# tail -f proxy_access_log

Here, we can see that multiple times trying to hit the xmlrpc.php for the domain uniseven.in with the same ip. 

Open the (.)htaccess file add the below lines for the domain under the folder on which WP is installed

# vi /var/www/vhosts/alom.in/httpdocs/(.)htaccess

# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>

Save the file and then check the logs and also the htop status

Reference KB URL: https://blogvault.net/wordpress-disable-xmlrpc/

This article was:  
Report an issue
Article ID: 1496
Last updated: 23 Apr, 2022
Revision: 5
Views: 367
Comments: 0
Tags