XML-RPC Block Using .htaccess

Sometimes one of our servers will be running hot while getting high loads seemingly at random, without a clear reason.

There are a couple of things we can do to troubleshoot this, like checking the server status in WHM. To do this, search "Apache Status" in the WHM search bar.

Screen_Shot_2022-08-19_at_10.13.17_AM.png

This will show you if there is one particular site getting hammered with requests— which is often, though not always, the case with random load spikes. Here's an example of what that page would look like when a site is experience a high load (this screenshot is from an outdated version of WHM):

An instance of this would be when one WordPress blog was getting hit very hard with login attempts, often referred to as "brute force login attempts." But, rather than the wp-login.php file, it was the xmlrpc.php file which has been a vulnerability for years because it provides “a huge target for brute force login attempts because it bypasses the traditional wp-login.php and goes right for logging in via API.” This was precisely the case with the intense load on Ramones shown above.

Forunately, we have a snippet of code we can just add to the .htaccess file in the affected WordPress install to block all calls to xmlrpc.php. Below is the code snippet we copied into .htaccess in this case that brought the load back down almost immediately.

1  <IfModule mod_setenvif.c>
2 <Files xmlrpc.php>
3    BrowserMatch "Poster" allowed
4    BrowserMatch "WordPress" allowed
5    BrowserMatch "Windows Live Writer" allowed
6    BrowserMatch "wp-iphone" allowed
7    BrowserMatch "wp-android" allowed
8    BrowserMatch "wp-windowsphone" allowed
9 
10    Order Deny,Allow
11    Deny from All
12    Allow from env=allowed
13  </Files>
14 </IfModule>
15 
16 ErrorDocument 403 "Access Denied"
For more information about .htaccess files, see our guide Understanding .htaccess.
Was this article helpful?
0 out of 0 found this helpful

Articles in this section

See more
Reclaim Hosting Support Hours
8:00 am - 5:00 pm ET, Monday through Friday
Submit a Ticket
Get a quick and helpful response from the pros.
Need Extra Support?
No problem, we're here to help! Talk to us about Professional Services or custom Service Level Agreements.