For WordPress users, the saddest news is that on the WordPress site, xmlprc.php is enabled by default. Because, jetpack uses this file. If you browse this site http://www.yourdomain.com/xmlrpc.php, then you will get the message named XML-RPC server accepts POST requests only. It means that xmlrpc.php has already enabled. The hackers may use it remotely to insert any script on your site. By attacking xmlrpc DDos, your password may be stolen. So, you have to close this file. As a result, your site will not harm a lot. You will get so many benefits. To save the xmlrpc.php file, go to the C-panel and then go to the root folder and under the codes of. htaccess, you paste this below mentioned code.
How to protect WordPress websites from xmlrpc DDoS attack?
# BEGIN protects xmlrpc.php <Files xmlrpc.php> order allow,deny deny from all </Files> # END protect xmlrpc.php
Now save it. Now, the hackers are not attack the xmlrpc DDoS. What would you do if the file is already affected which you want to edit it? That is, what would you do if your. htaccess file is already affected? For saving it, you paste the below codes:
<Files. htaccess> order allow,deny deny from all</Files>
Now, go to the dashboard and from settings, you go the discussions and withdraw the tick sign from the above two items. You save from it.
Thank you!