On Thu, Oct 2, 2014 at 11:52 AM, <jwyeth.arch@xxxxxxxxx> wrote:
> Disabling XMLRPC completely via wp-config.php is quite easy.. I can send
> required info when I'm in front of a computer. You can also use an
> .htaccess rule for Apache to stop requests completely. I'm sure there's
> also rules for Nginx, lighttpd, etc that can be found quite easily via
> Google. Surprised most people don't have this disabled/blocked already.
>
+1
I wrote an Apache rewrite rule (saved it in a separate file) that I can
include on any WordPress sites getting hammered by requests to xmlrpc.
There's also wp-login as well that gets brute forced from time to time.
I was kicking back a HTTP 410 (gone, as opposed to 403 or 404). Of course
they're stupid bots, so they keep hammering away!
With some ISPs using NAT, I prefer the rewrite rule solution ... that way
it stops the requests and doesn't block the IP entirely. Pros and cons of
course, but I prefer a conservative approach first rather than a heavy
handed one.
--
---~~.~~---
Mike
// SilverTip257 //
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
