This article explains how you can lock down
.htaccess. However, it might be a better option to protect the xmlrpc-php endpoint instead, filtering out the unwanted traffic.
xmlrpc.php endpoint can be misused as en endpoint for brute force attacks.
If you do not use
xmlrpc.php for any integrations, you might as well disable it completely. Adding these lines to your
.htaccess file will disallow access to the endpoint for everyone.
public/.htaccess file and add
<Files xmlrpc.php> Require all denied </Files>
xmlrpc.php is required by some plugins, like Jetpack.
Give us your feedback on this article
Want to speed up your site, easily?
Set up your site on Servebolt, free of charge for 14 days, and see for yourself how fast it can be on our extremely fast hosting.
A faster site converts better, ranks better on Google, and is better for the climate.