Oftentimes, malicious traffic is created by rapidly accessing a
xmlrpc.php file, creating a high server load, or causing limits to be reached on the server. Configuring a
.htaccess file to disable xmlrpc in a cPanel account can provide better security.
- Log in to the affected cPanel account.
- Go to File Manager.
public_html(or your website content's document root).
- Create a new file and name it
- Paste the following code into the file:
# Block WordPress xmlrpc.php requests <Files xmlrpc.php> order deny,allow deny from all allow from xxx.xxx.xxx.xxx </Files>
To allow xmlrpc from a particular IP, replace
xxx.xxx.xxx.xxxwith the IP address.
- Save and close the file.