By Tyler Jefford
On January 20th, 2016
As it turns out, the public facing API Wordpress included by default was getting nailed with a brute force attack. It's not as noticeable if you don’t check your logs regularly, but the short story is that someone pointed a script to ping the API of public WordPress sites multiple times per second, causing the server to become overloaded with requests.
Hundreds of lines of POST requests to xmlrpc.php
Using DigitalOcean (referral link), it is pretty easy for anyone on the team to go in and do a power cycle when they see a site is down. But this would continue to happen multiple times per day. So that's not a solution, but a bandaid.
The best way for the team I was on was to just block access to the API. Which will work for you too, unless you absolutely need access to the API, then you will want to look into whitelisting your IP addresses. Restricting the API will remove access to this site via a mobile app, but will also increase security
In your .htaccess file add the following snippet.
# Block WordPress xmlrpc.php requests <Files xmlrpc.php>order deny,allowdeny from all</Files>
In your theme folder, you can add a line in functions.php to block access to the API.
Using a plugin
There are a bunch of plugins that claim to block access to the API, but its really up to your discretion on installing them to test the functionality and if they pass muster. The WordPress Plugin Directory that may prevent access to the API.
Instead of blocking access to the file, you can also just block an IP from Apache. This is not really fixing the problem, but maybe its helpful to know its an option. It’s a good way to stop the bleeding to explore a longer term solution.
In your server terminal you can use the following snippet to block an IP from your iptables.
iptables -I INPUT -s <IP ADDRESS> -j DROP service iptables save
In conclusion, you should always check your logs first and look for odd patterns, such as a ton of traffic to a single file in a short period of time. Research the common security threats that are being used for the platform you are working with (in this case WordPress). Finally, learn the actions you can take based on these threats, so you can hopefully prevent a website from going down for these reasons.