Published January 20 2016
Over the course of the last couple of months, I’ve noticed a huge problem with all my WordPress sites: they keep crashing! It just didn’t make sense. The CSS, HTML and JS are all minified, images are optimized, and security measures have been taken in the form of All In One WP Security & Firewall. So why does the site keep going down?
Turns out, the public-facing XML-RPC API that WordPress exposes was getting hammered by brute-force attacks. It’s not very noticeable if you don’t check your logs regularly, but the short story is that a bot was hitting the API multiple times per second, and the server was buckling under the load.
Hundreds of lines of POST requests to xmlrpc.php
With DigitalOcean, it’s pretty easy for anyone on the team to go in and power cycle the server when they see a site is down. But this would happen multiple times per day, so that’s not a solution, just a band-aid.
The best way for us was to just block access to the API. That will work for you too, unless you absolutely need access to the API, in which case you will want to look into whitelisting your IP addresses.
In your .htaccess file add the following snippet.
# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>
# Drop all traffic from a single offending source at the firewall
# (replace <IP ADDRESS> with the address seen in your logs) ...
iptables -I INPUT -s <IP ADDRESS> -j DROP
# ... and persist the rule across reboots (init-script based distributions)
service iptables save
Tech leader and builder of things.
Podcast @ Shots & Bytes