How to block access to xmlrpc.php file?

[Mohsen Ghiasi]

Hello
I use this code in httpd.conf to block access to xmlrpc.php file that kills many wordpress based websites every day ;-)

<FilesMatch "^(xmlrpc\.php|wp-trackback\.php)">
Order Deny,Allow
Deny from all
</FilesMatch>

Is it possible to add a rewrite rule to block access to some files like xmlrpc.php?
If you use wordpress and security plugins please share your working codes that work.
Thanks a lot

 

[lsfoo]

Hi @Mohsen Ghiasi

You could try a rewrite rule based deny:

RewriteRule ^(xmlrpc\.php|wp-trackback\.php) - [F,L,NC]

 

[Mohsen Ghiasi]

Hi @Mohsen Ghiasi

You could try a rewrite rule based deny:

RewriteRule ^(xmlrpc\.php|wp-trackback\.php) - [F,L,NC]

Worked by adding a "/"

RewriteRule ^/(xmlrpc\.php|wp-trackback\.php) - [F,L,NC]

Thank you so much

 

[lsfoo]

Excellent, glad to hear it worked out!

 

[zEitEr]

Here is another solution if rules need to be added directly into each virtualHost (in case you use templates for auto-generating virtualHost like DirectAdmin does):

rewrite  {
    enable                  1
    autoLoadHtaccess        1
    RewriteRule ^/(xmlrpc|wp-trackback)\.php - [F,L,NC]
  }

 

[remics]

Here is another solution if rules need to be added directly into each virtualHost (in case you use templates for auto-generating virtualHost like DirectAdmin does):

rewrite  {
    enable                  1
    autoLoadHtaccess        1
    RewriteRule ^/(xmlrpc|wp-trackback)\.php - [F,L,NC]
  }

Interesting! Thanks.
Where I put this code?

 

[deewinc]

Hi @Mohsen Ghiasi

You could try a rewrite rule based deny:

RewriteRule ^(xmlrpc\.php|wp-trackback\.php) - [F,L,NC]

How can I do this to deny all other IPs but allow certain IPs to access the file?

I want to use the .htaccess file