Block xmlrpc.php brute force request in Wordpress site
Block xmlrpc.php brute force request in Wordpress websites
Wordpress websites have xmlrpc requests disabled by default but some sites have it enabled and is being brute forced by hackers. This leads to increased CPU consumption on the server.
To check brute force requests on the server
To check and disable bruteforce attacks on WP sites, check the server status with htop and observe which sites are continuously coming up on the htop results.
Then investigate the access log for the site to confirm if xmlrpc.php is being requested on the site continuously
# cd /var/www/vhosts/system/uniseven.in/statistics/logs
# ll -tal
Check the log
# tail -f proxy_access_log
(4).png)
Here, we can see that multiple times trying to hit the xmlrpc.php for the domain uniseven.in with the same ip.
Open the (.)htaccess file add the below lines for the domain under the folder on which WP is installed
# vi /var/www/vhosts/alom.in/httpdocs/(.)htaccess
# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>
Save the file and then check the logs and also the htop status
Reference KB URL: https://blogvault.net/wordpress-disable-xmlrpc/
Related Articles
All In One WP Security & Firewall
All In One WP Security & Firewall Objective: it helps to add some extra security and firewall to your site by using a security plugin that enforces a lot of good security practices. Brute Force Attacks: one of the ways hackers try to compromise sites ...Block brute force attack from Plesk firewall
Block brute force attack from Plesk firewall Issue: SMTP service has been receiving unauthorised brute force requests on the server Update 1: Below logs have been found from the maillog on the server May 15 12:13:44 host plesk_saslauthd[11425]: No ...Malware & Cross Site scripting attack in website
While browsing your website you can come across error message in your Mozila or Google Chrome web browsers. (fig 01 & 02) fig 01: attack reported on Mozila Firefox fig 02: attack reported on Google Chrome This type of message you can not see on ...Manage your WordPress websites with WordPress Toolkit
Manage your WordPress websites with Wordpress Toolkit WordPress Toolkit allows server administrators, resellers and customers to manage their WordPress instances, enabling a variety of development workflows for WordPress admins of all skill levels, ...How to deploy WordPress manually under project at Diadem Express Cloud
Create the environment After log-in to the panel a new environment has been created from the option ‘NEW ENVIRONMENT’. Environment Topology for installing wordpress Apache application server PHP version – 7.1.0 MySQL version – 5.7 or MariaDB In a ...