Risk DDoS in WordPress (xmlrpc.php) / What to do

Discussion in 'Security' started by juerald, Jul 24, 2014.

  1. #1
    Hello guys.

    My WordPress site is getting an unfamiliar kind of visitors from all around the world.

    I can't say it's a DDoS because that would be much stronger and more powerful, but I am getting around 20-30 clicks a minute from it.
    I am a bit confused because my site isn't even famous enough to make competitors angry, and it's a peaceful site.

    Any suggestions on how I can avoid this kind of thing? At the moment my site is getting a lot of visits to xmlrpc.php.

    There is a photo: http://i.imgur.com/6TXQswK.jpg
     
    juerald, Jul 24, 2014 IP
  2. WebHostDog

    #2
    Check your access logs to see what kind of clients/browsers these are, as they might be bots and your site might be being used for pingback attacks.
     
    WebHostDog, Jul 31, 2014 IP
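
    An added example, not part of any post in this thread: a small Python triage script for the access-log check suggested above, summarizing who requests xmlrpc.php, with which client, and how fast. It assumes the Apache/nginx "combined" log format; the sample lines, IP addresses and user agents are constructed.

```python
import re
from collections import Counter
from datetime import datetime

# Assumes the Apache/nginx "combined" log format; adjust for a custom LogFormat.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" \d{3} \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"'
)

# Constructed sample lines (documentation IP ranges, made-up user agents).
SAMPLE = [
    '198.51.100.7 - - [24/Jul/2014:10:15:01 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "ExampleBot/1.0"',
    '198.51.100.7 - - [24/Jul/2014:10:15:09 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "ExampleBot/1.0"',
    '203.0.113.44 - - [24/Jul/2014:10:15:40 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"',
    '192.0.2.10 - - [24/Jul/2014:10:15:52 +0000] "GET /about/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.44 - - [24/Jul/2014:10:16:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"',
    '192.0.2.10 - - [24/Jul/2014:10:16:30 +0000] "GET /xmlrpc.php?rsd HTTP/1.1" 200 800 "-" "Mozilla/5.0"',
]

def summarize_xmlrpc(lines):
    """Summarize requests to xmlrpc.php by client IP, user agent, method and rate."""
    by_ip, by_ua, by_method, per_minute = Counter(), Counter(), Counter(), Counter()
    for line in lines:
        m = LINE_RE.match(line)
        # Skip unparsable lines and requests for other paths (query string ignored).
        if not m or not m["path"].split("?", 1)[0].lower().endswith("/xmlrpc.php"):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        by_ip[m["ip"]] += 1
        by_ua[m["ua"] or "-"] += 1
        by_method[m["method"]] += 1
        per_minute[ts.strftime("%Y-%m-%d %H:%M")] += 1
    return {
        "total": sum(by_ip.values()),
        "distinct_ips": len(by_ip),
        "top_ips": by_ip.most_common(5),
        "top_user_agents": by_ua.most_common(5),
        "methods": dict(by_method),
        "peak_per_minute": max(per_minute.values(), default=0),
    }

if __name__ == "__main__":
    for key, value in summarize_xmlrpc(SAMPLE).items():
        print(f"{key}: {value}")
```

    Many POSTs from a few clients with empty or identical user agents point to automated traffic. The combined log format does not record request bodies, so it cannot show which XML-RPC method was called.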
  3. Artvision

    #3
    As suggested, you should analyze your logs, but in the meantime, to stay on the secure side, you can add the lines below to your WP .htaccess file:

    # BAN ACCESS TO XMLRPC.PHP
    <Files xmlrpc.php>
    order deny,allow
    deny from all
    </Files>

    You can also install a plugin like "Wordfence Security". One more recommendation - make sure your admin user uses a username different from "admin" :)
     
    Artvision, Aug 12, 2014 IP
  4. AdamUK89

    #4
    Hello,

    Try moving your WordPress website over to CloudFlare and use a few security plugins like:

    Sucuri Security
    Wordfence Scan
    Acunetix WP Security

    If you configure the above plugins correctly, you should be able to stop fake traffic, which is what this looks like it may be.
     
    AdamUK89, Aug 13, 2014 IP
  5. kailash

    #5
    If you are not using remote publishing for your WordPress, deny access to this file using an .htaccess rule.
     
    kailash, Sep 5, 2014 IP