Focus on cloud service provider activities
Notes on website operation and maintenance

WordPress xmlrpc.php is attacked with high load

At present, we use WordPress to build many websites. The xmlrpc.php file is generally used as an interface, but there is also a problem that the website load is too high because it is easy to be attacked. Here we can solve this problem in a way.

If we cannot use this file interface, we can disable it.

 //By laozuo.org function file disable xmlrpc.php add_filter('xmlrpc_enabled', '__return_false');

It can also be added in wp-config.php.

 if(strpos($_SERVER['REQUEST_URI'], 'xmlrpc.php') !==  false){ $protocol   = $_SERVER['SERVER_PROTOCOL'] ?? ''; if(!in_array($protocol, ['HTTP/1.1', 'HTTP/2', 'HTTP/2.0', 'HTTP/3'], true)){ $protocol   = 'HTTP/1.0'; } header("$protocol 403 Forbidden", true, 403); die; }

If we are in Nginx, we can also do this:

 location ~* ^/xmlrpc.php$ { return 403; }

 

Vote for you
Domain name host preferential information push QQ group: six hundred and twenty-seven million seven hundred and seventy-five thousand four hundred and seventy-seven Get preferential promotion from merchants.
Like( zero )
Do not reprint without permission: Lao Zuo's Notes » WordPress xmlrpc.php is attacked with high load