How to block xml-rpc attacks for all domains?
I want to block access to xmlrpc.php to all traffic on all dozen or so sites hosted on my droplet– Ubuntu 16.04, Apache.
I used this command to search for attempts to access this file:
grep xmlrpc /var/log/apache2/access.log
And I found that I’m getting traffic to it every few seconds. Many, many log entries. I don’t use Jetpack or any other plugins that use this, so I decided to simply block all access. So I went to each vhost configuration file and added the following:
<files xmlrpc.php> order allow,deny deny from all </files>
(Later, I realized that I could have just blocked it for all sites from the apache2.conf file.)
I modified all conf files and restarted Apache, then I searched again, and found that I’m still getting traffic. The result is 403 forbidden, but it’s still happening, every few seconds. It’s been days now and the traffic continues. Is that normal? Will this attack stop eventually? Even though it’s not resulting in out-of-memory errors anymore, is it still harmful?
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.