Risk DDos in Wordpress (xmlrpc.php) / What to do

Hello guys .

My wordpress site is getting unfamiliar kind of visitors from all around the world.

I can't say its Ddos becouse it will be much strong and powerful but i am getting around 20-30clicks in minute via it.

I am bit confused becouse my site i'snt even famous which can make competitors angry , and its peaceful site.

Any suggestion how can i avoid that kind becouse momentally my site is getting a lot visits in xmlrpc.php.

There is a photo : http://i.imgur.com/6TXQswK.jpg

 

Check your access longs what kind of clients/browsers are these as might be bots and your site to be used for ping-back attacks.

 

As suggested you should analyze your logs but in the meantime to stay on the secure side you can add the lines below to your WP .htaccess file:

# BAN ACCESS TO XMLRPC.PHP
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>

Code (markup):

You can also install plugin like "Wordfence Security". One more recommendation - make sure your admin user uses a username different from "admin"

 

Hello,

Try moving your wordpress website over to CloudFlare and use a few security Plugins like:

Sucuri Security
Wordfence Scan
Acunetix WP Security

If you configure the above plugins correctly you should be able to stop fake traffic which is looks like this may be.

 

If you are not using remote publishing for your WordPress, deny the access to this file using .htaccess rule.