How to Stop XML-RPC attack on Digital Ocean Ubuntu

Question

I have recently started a new Digital Ocean droplet with 5 wordpress sites on it. It has been going down a lot because of XML-RPC attacks. I have tried everything DO suggested and I am still going down.

I have downloaded the Advanced Access Manager wordpress plugin and disabled XML-RPC. I have also edited the apache .conf files adding the code

<files xmlrpc.php>
  order allow,deny
  deny from all
</files>

Even after all that my mysql is still going down. When I run grep xmlrpc /var/log/apache2/access.log it shows a ton of lines like this

123.57.254.142 - - [21/Oct/2018:08:01:18 +0000] "POST /xmlrpc.php HTTP/1.1" 400 0 "-" "-"

Am I doing something wrong? Why is droplet still vulnerable even though I have turned off XML-RPC on all my sites? Thanks so much!

The number "400" seems to be the http response (Check in your log format). 400 is in the http not found range, so this might be normal behavior (data still reaches your apache and then gets disregarded) — Norbert van Nobelen
So my sites are blocking it? So is there no way to stop them going down? — Chris Grim
Using a firewall will be more efficient then blocking with php. Look into iptables (digital ocean has very decent manuals for this) — Norbert van Nobelen

Prashant Suthar Prashant Suthar · Accepted Answer · 2018-10-21T16:51:00

1.Add this line in function.php

add_filter('xmlrpc_enabled', '__return_false');

2.prevent using .htaccess

Simply paste the following code in your .htaccess file:

order deny,allow deny from all

How to Stop XML-RPC attack on Digital Ocean Ubuntu

1 Answers