Tag: attack

xmlrpc.php high cpu load

 

High load caused by xmlrpc.php seems to be a known issue that can occur on a WordPress site:
https://wordpress.org/support/topic/resolving-xmlrpcphp-ddos-attack-with-htaccess-redirect?replies=8
https://wordpress.org/support/topic/xmlrpcphp-files-cause-high-cpu-usage-and-high-resource-usage?replies=2

Some sites during attack become inaccessible or get broken and show Too Many Redirects error.

A quick fix is to add this to .htaccess :

RewriteRule ^xmlrpc\.php$ “http\:\/\/0\.0\.0\.0\/” [R=301,L]

 

Or just delete / disable file (set permissions 000).

 

More details about XMLRPC :
https://blog.sucuri.net/2015/10/brute-force-amplification-attacks-against -wordpress-xmlrpc.html

If you need XMLRPC you can use these to filter requests:
https://wordpress.org/plugins/stop-xmlrpc-attack/
https://www.wordfence.com/blog/2015/10/should-you-disable-xml-rpc-on-word press/