Block xmlrpc.php WordPress running on OpenLiteSpeed using .htaccess

Block Xmlrpc Open Litespeed

You can block the xmlrpc.php WordPress file when running on OpenLiteSpeed by adding a rewrite rule in the .htaccess file. This will reduce the brute force threat of bots making multiple resource requests. Add to your webroot .htaccess file either add it in a mod_rewrite existing block or add a new one: <IfModule mod_rewrite.c> RewriteRule…

Read More

Block xmlrpc.php and wp-login.php via NGINX

Block Xmlrpc Wp Login Nginx

You can block xmlrpc.php and wp-login.php via NGINX with the configurations below, what’s good about this approach is that it prevents brute force attacks at the NGINX server level without any PHP/MySQL resources being used. xmlrpc.php for NGINX location = /xmlrpc.php { deny all; } To allow JetPacks IP addresses through adjust the config to…

Read More

Block xmlrpc.php requests from Cloudflares firewall apart from JetPack

Xmlrpc Block

You can block WordPress xmlrpc.php requests from Cloudflare but exclude the JetPack IP addresses by creating a custom firewall rule, attacks on xmlrpc.php are frequent and it is best now disabled as it will be deprecated from WordPress in the future. However, some of the more popular WordPress plugins such as JetPack still need to…

Read More