WordPress :: xmlrpc.php Attack!

6 Responses

  1. RW says:

    What is the significance of It’s not showing up in your log file example…


  2. dino says:

    This is not a solution but a way to avoid our server being overloaded due to tons of requests. The IP will act as local IP for the attacking IPs / servers so it would somewhat act as a reverse attack on the attacking server. Here is the log after modifying the .htaccess:

    - - [05/Aug/2014:22:14:30 -0500] "POST /xmlrpc.php HTTP/1.1" 301 224 "-" "-"
    - - [05/Aug/2014:22:14:30 -0500] "POST /xmlrpc.php HTTP/1.1" 301 224 "-" "-"
    - - [05/Aug/2014:22:14:31 -0500] "POST /xmlrpc.php HTTP/1.1" 301 224 "-" "-"
    - - [05/Aug/2014:22:14:31 -0500] "POST /xmlrpc.php HTTP/1.1" 301 224 "-" "-"

  3. Robin Wilson says:

    Thanks dino for the help.
    I had tried various solutions posted on other websites, but none of these worked, and as soon as the site was turned back on the attack continued.
    However, your solution worked straight away, with the added bonus that the attackers are now attacking themselves.
    It seems this attack is still possible with the latest version of WordPress.


  4. amrit pal says:

    I think this is a nice trick. I used it, but why is index.php getting high CPU usage now? The attack is being redirected to their localhost. Does this trick have an effect on our post SEO?

  5. Lance Turner says:

    Great advice. Thanks.

  6. John says:

    This worked a few years back for me. A client's website was going down every few hrs. And after a whole week of brain-crunching, your solution worked for me.
