Introduction
Oftentimes, malicious traffic is created by rapidly accessing a xmlrpc.php file, creating a high server load, or causing limits to be reached on the server. Configuring a .htaccess file to disable xmlrpc in a cPanel account can provide better security.
Procedure
- Log in to the affected cPanel account.
- Go to File Manager.
- Access
public_html(or your website content's document root). - Create a new file and name it
.htaccess. - Paste the following code into the file:
# Block WordPress xmlrpc.php requests <Files xmlrpc.php> order deny,allow deny from all allow from xxx.xxx.xxx.xxx </Files>
To allow xmlrpc from a particular IP, replace
xxx.xxx.xxx.xxxwith the IP address. - Save and close the file.