Tips & Tricks: Protect Your Blog From XMLRPC DDOS Attack

In WordPress xmlrpc.php file enabled by default. Jetpack use this file to track visitors stats. So it may less your blog security by xmlrpc ddos attack. You have to be aware about this problem. If you go to it will show you a default message: XML-RPC server accepts POST requests only. It means xmlrps.php is enabled default on your server.

Protect Your Blog From XMLRPC DDOS Attack


Hackers can easily push any scripts to your site by using this file. They can get your password by xmlrpc DDoS attacks and may harm your website.

So you have to turn off this file you will not have any harm if you turn off this file. So it will better to turn off this file on your server.  So you have to do it on .htaccess on your root folder.

Go to .htaccess and edit the file and paste the code below on the bottom of your file.

Now save the file and browse this file by Hope you will see a message about 404 Error. It means your xmlrpc.php file is disabled. Sometimes you may see a page that contain server request error.

Now you have to protect .htaccess file, to protect this file you have to paste the below code bottom on your file.

Now go to your WordPress Dashboard>Settings>Discussion Now uncheck two item in default article settings. Hope you are safe now.

These will help you to protect your WordPress site security, so do it before anyone attack to your site.

Like Love Haha Wow Sad Angry
  1. Brian Lange

    Wow – I’m catching up on a few of your blog posts I’ve missed but I LOVE your little post, how cool is that! I love your hair in it too + congratulations, I’m dying to know more!

  2. Alax hopper

    Its a good Post. I like you post. I have read some more post from your website but it have some different.
    thank you for sharing

Leave a Reply

Your email address will not be published. Required fields are marked *

CommentLuv badge