Title: xmlrpc.php related attack
Last modified: August 21, 2016

---

# xmlrpc.php related attack

 *  [Hussam Al-Tayeb](https://wordpress.org/support/users/hussam-al-tayeb/)
 * (@hussam-al-tayeb)
 * [11 years, 10 months ago](https://wordpress.org/support/topic/xmlrpcphp-related-attack/)
 * I am on a shared host but behind Cloudflare (to avoid such situations). I was
   getting what must have been 10s of thousands of requests to xmlrpc.php per minute
   and this made me reach my CPU limit and cPanel started to reject connections.
   I set Cloudflare to ‘I am under attack’ and this blocked most access to my website
   while I figure out what to do. A Google search resulted in
 * > RewriteRule ^xmlrpc\.php$ "http\:\/\/0\.0\.0\.0\/" [R=301,L]
   > # Block attackers by agents
   > <IfModule mod_rewrite.c>
   > RewriteCond %{HTTP_USER_AGENT} ^.*WinHttp\.WinHttpRequest\.5.*$
   > RewriteRule .* http://%{REMOTE_ADDR}/ [R,L]
   > </IfModule>
 * I added that and while this did not stop the attack, it removed the high CPU
   usage.
 * How long do I keep the rewrite rule? What is the best way to deal with this situation?
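
One way to judge when the flood has subsided is to count xmlrpc.php hits per minute in the web server's access log. The following is an added example, not part of the original thread; it assumes the Apache "combined" log format, and the sample lines, function names and threshold are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines in Apache "combined" log format (not from the thread).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:15:01 +0000] "POST /xmlrpc.php HTTP/1.1" 301 245 "-" "WinHttp.WinHttpRequest.5"
203.0.113.7 - - [01/Jan/2024:10:15:02 +0000] "POST /xmlrpc.php HTTP/1.1" 301 245 "-" "WinHttp.WinHttpRequest.5"
198.51.100.9 - - [01/Jan/2024:10:15:40 +0000] "POST /xmlrpc.php HTTP/1.0" 301 245 "-" "Mozilla/5.0 (constructed)"
192.0.2.44 - - [01/Jan/2024:10:15:41 +0000] "GET /about/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2024:10:16:05 +0000] "POST /xmlrpc.php HTTP/1.1" 301 245 "-" "WinHttp.WinHttpRequest.5"
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
    r'(?: "[^"]*" "(?P<ua>[^"]*)")?'
)

def xmlrpc_hits(lines):
    """Yield (minute, ip, status, user_agent) for each request to xmlrpc.php."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or non-combined-format line
        path = m["path"].split("?", 1)[0].lower()
        if not path.endswith("/xmlrpc.php"):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        yield ts.strftime("%Y-%m-%d %H:%M"), m["ip"], int(m["status"]), m["ua"] or "-"

def summarize(lines, busy_threshold=2):
    """Aggregate xmlrpc.php traffic; busy_threshold is an illustrative value."""
    per_minute, per_ip, per_ua, statuses = Counter(), Counter(), Counter(), Counter()
    for minute, ip, status, ua in xmlrpc_hits(lines):
        per_minute[minute] += 1
        per_ip[ip] += 1
        per_ua[ua] += 1
        statuses[status] += 1  # 301 here means the redirect rule answered
    busy = sorted(m for m, n in per_minute.items() if n >= busy_threshold)
    return {"per_minute": dict(per_minute), "top_ips": per_ip.most_common(5),
            "top_agents": per_ua.most_common(5), "statuses": dict(statuses),
            "busy_minutes": busy}

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG.splitlines()).items():
        print(f"{key}: {value}")
```

Behind Cloudflare the first log field is a Cloudflare edge address unless the server restores the visitor IP, so the per-minute and user-agent counts are the more reliable signal.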

Viewing 5 replies - 1 through 5 (of 5 total)

 *  [The Grey Parrots](https://wordpress.org/support/users/greyparrots/)
 * (@greyparrots)
 * [11 years, 10 months ago](https://wordpress.org/support/topic/xmlrpcphp-related-attack/#post-5157046)
 * You may use the security tips located here:
   [http://digwp.com/2009/06/xmlrpc-php-security/](http://digwp.com/2009/06/xmlrpc-php-security/)
   [http://perishablepress.com/wordpress-xmlrpc-pingback-vulnerability/comment-page-1/](http://perishablepress.com/wordpress-xmlrpc-pingback-vulnerability/comment-page-1/)
 * But the best one would be to delete this, if it’s of no use.
 *  Thread Starter [Hussam Al-Tayeb](https://wordpress.org/support/users/hussam-al-tayeb/)
 * (@hussam-al-tayeb)
 * [11 years, 10 months ago](https://wordpress.org/support/topic/xmlrpcphp-related-attack/#post-5157054)
 * Deleting it won’t help as it will trigger a crazy number of 404 requests which
   WordPress has to process. Right now, the only way that seems to be helping is
   redirecting requests to xmlrpc.php to a fictional IP. I guess I will just keep
   it like this till the attack subsides. Thank you.
 *  [The Grey Parrots](https://wordpress.org/support/users/greyparrots/)
 * (@greyparrots)
 * [11 years, 10 months ago](https://wordpress.org/support/topic/xmlrpcphp-related-attack/#post-5157056)
 * Yes, that’s a good idea.
 *  [eduguytoo](https://wordpress.org/support/users/eduguytoo/)
 * (@eduguytoo)
 * [11 years, 8 months ago](https://wordpress.org/support/topic/xmlrpcphp-related-attack/#post-5157234)
 * This issue has resurfaced as of 4.0.
 * It is a huge issue, malicious scripts are using this to devalue and consume
   bandwidth which results in undesirable issues for WordPress users.
 * I did not see an entirely useful solution posted.
 * @The Grey Parrots it appears the link for the reference of security was
   published a long long time ago. “Working with WordPress version 2.8 at the
   time of this writing.”
 * Does anyone have a more detailed method of managing this issue?
 *  [Peter Luit](https://wordpress.org/support/users/peterluit/)
 * (@peterluit)
 * [11 years ago](https://wordpress.org/support/topic/xmlrpcphp-related-attack/#post-5157254)
 * In general there should be a much better understanding of server setups,
   wp-config.php modifications and adjusting the htaccess file. Since the growing
   popularity of WordPress today we cannot just install and use an average webserver
   anymore and just a simple WordPress installation and expect that everything is
   safe and clean.
 * In my experience with a VPS I learned that there should be much more knowledge
   of what is going on around WordPress attacks, to configure everything in the right
   way. So if you have multiple sites to serve, take care of your knowledge and
   know what to expect from your hosting provider, especially when you choose an
   unmanaged VPS.
 * The WP Codex should make a special (and easy to find) chapter around all these
   issues.
 * Just my thoughts.
 * Peter Luit
    The Netherlands


The topic ‘xmlrpc.php related attack’ is closed to new replies.

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 5 replies
 * 4 participants
 * Last reply from: [Peter Luit](https://wordpress.org/support/users/peterluit/)
 * Last activity: [11 years ago](https://wordpress.org/support/topic/xmlrpcphp-related-attack/#post-5157254)
 * Status: not resolved

