Denying inbound connections to the file xmlrpc.php on a WordPress installation is worth considering to help stop a Denial of Service attack.


Our customer sites rarely need the xmlrpc.php file to be accessible from the outside world.

Multiple, rapid calls to xmlrpc.php could lead to a denial of service on a server (consuming all of its CPU/RAM), with the website(s) on that server not being able to load.

Some information here that might help.

To resolve this, add the following to the .htaccess file in the root of the public_html folder:

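# Block WordPress xmlrpc.php requests
# "Require" is the Apache 2.4 form; "Order/Deny" is the Apache 2.2 form
<Files xmlrpc.php>
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
    </IfModule>
</Files>
# End Block WordPress xmlrpc.php requests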


There is also a plugin for WordPress that will do this for us, available here.
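To check whether a site is receiving the rapid xmlrpc.php calls described above, and whether the .htaccess block is answering them with 403, the access log can be summarised per client. This is an added example, not part of the original page; it assumes Apache's common/combined log format, the function name and the threshold of 5 requests within 60 seconds are illustrative choices, and the sample log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache common/combined log format (assumed): client, timestamp, request, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def xmlrpc_bursts(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {ip: {"peak", "denied", "not_denied"}} for clients that sent at
    least `threshold` xmlrpc.php requests inside any `window` (illustrative values)."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not parse
        path = m["path"].split("?", 1)[0]
        if not path.lower().endswith("/xmlrpc.php"):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hits[m["ip"]].append((ts, int(m["status"])))
    report = {}
    for ip, events in hits.items():
        events.sort(key=lambda e: e[0])
        peak, start = 0, 0
        for end in range(len(events)):  # sliding window over sorted timestamps
            while events[end][0] - events[start][0] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            denied = sum(1 for _, status in events if status == 403)
            report[ip] = {"peak": peak, "denied": denied,
                          "not_denied": len(events) - denied}
    return report

# Constructed sample: one client bursts before (200) and after (403) the block.
SAMPLE = [
    f'203.0.113.7 - - [10/Mar/2024:12:00:{s:02d} +0000] '
    f'"POST /xmlrpc.php HTTP/1.1" {code} 370 "-" "-"'
    for s, code in [(1, 200), (2, 200), (3, 200), (4, 403), (5, 403), (6, 403)]
] + [
    '198.51.100.20 - - [10/Mar/2024:12:00:09 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.20 - - [10/Mar/2024:12:03:00 +0000] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "-"',
]

if __name__ == "__main__":
    for ip, stats in xmlrpc_bursts(SAMPLE).items():
        print(ip, stats)
```

Once the block is in place, new bursts should appear only in the `denied` count; a growing `not_denied` count means the rule is not being applied to that site.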