Defending against WordPress xmlrpc attacks

Avatar
  • Answered
Hi I have my own sites as well as a lot of my clients' sites on inMotion and I'd like your opinion. I have seen .htaccess rules protecting against xmlrpc attacks using... Redirect 301 /xmlrpc.php http://127.0.0.1 This reflects attacks back to the offender. I've also seen... Order allow,deny Deny from all Which will just plain deny access to the file. Does inMotion have a preference? Is one easier on cpu bandwidth than the other? Thanks!
Avatar
anonymous
Hello Kdawes01, Using the .htaccess block would help lower the accounts resource usage. There are other things you can do as well. I would recommend your client to send an email to our support team and ask for an account review. Kindest Regards, TJ Edens
Avatar
JeffMa
The solution is entirely up to you but in most cases. Personally, I recommend denying access to the file completely instead of the redirect but either way will be perfectly fine.