Brute-force attacks against any CMS are a common occurrence these days. One variant that targets WordPress is the XML-RPC attack.
WordPress exposes an XML-RPC interface (xmlrpc.php) that lets remote clients, such as the WordPress mobile apps and the Jetpack plugin, call functions on the site after authenticating with a username and password.
The attack is made possible because WordPress allows XML-RPC calls to be stacked in a single request using system.multicall. An attacker can pack hundreds of authenticated calls, each carrying a different password guess, into one HTTP POST. That lets them test many credentials per request while slipping past rate limits that only count requests, and the sheer number of calls can quickly overwhelm the server.
More information on this can be found here:
To check whether your website is being hit by an XML-RPC attack, look at your web server's access log. For Apache on Linux, check:
You are likely under attack if you find many entries like the following in quick succession, usually from a small number of client addresses:
POST /xmlrpc.php HTTP/1.0
A handful of such POSTs is normal if you use Jetpack or the WordPress mobile apps; the volume and rate are what matter. Note also that the response status is usually 200 even when the password guesses fail, because XML-RPC reports authentication failures as a fault inside the response body, so you cannot rely on 4xx status codes to spot the attack.
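As an added example (not part of the original post), the following Python script performs the log check described above on a few constructed sample lines in Apache's combined log format: it counts POSTs to xmlrpc.php per client address and flags any client that exceeds a threshold within a time window. The sample addresses, the threshold and the window are assumptions chosen for illustration, not values from the post.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Apache "combined" log format:
#   %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (not real traffic): 203.0.113.7 hammers xmlrpc.php,
# 192.0.2.33 makes one legitimate Jetpack call, the rest is ordinary browsing.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "POST /xmlrpc.php HTTP/1.0" 200 403 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "POST /xmlrpc.php HTTP/1.0" 200 403 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Oct/2023:13:55:40 +0000] "GET / HTTP/1.1" 200 15320 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:41 +0000] "POST /xmlrpc.php HTTP/1.0" 200 403 "-" "Mozilla/5.0"
192.0.2.33 - - [10/Oct/2023:13:55:45 +0000] "POST /xmlrpc.php HTTP/1.1" 200 512 "-" "Jetpack by WordPress.com"
203.0.113.7 - - [10/Oct/2023:13:55:48 +0000] "POST /xmlrpc.php HTTP/1.0" 200 403 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:52 +0000] "POST /xmlrpc.php HTTP/1.0" 200 403 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Oct/2023:13:56:02 +0000] "GET /xmlrpc.php HTTP/1.1" 405 42 "-" "curl/7.68.0"
"""


def parse_line(line):
    """Return the parsed fields of one combined-format line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def xmlrpc_posts(lines):
    """Yield parsed records for POST requests to xmlrpc.php (query string ignored).

    The HTTP status is deliberately not used as a filter: XML-RPC reports a bad
    username/password as a fault inside a 200 response, so failed guesses look
    like successes at the HTTP layer.
    """
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST":
            continue
        path = rec["path"].split("?", 1)[0]
        if path.endswith("/xmlrpc.php"):
            yield rec


def posts_per_ip(lines):
    """Count POSTs to xmlrpc.php per client address."""
    return Counter(rec["ip"] for rec in xmlrpc_posts(lines))


def suspicious_ips(lines, threshold=20, window=timedelta(minutes=1)):
    """Return the addresses that sent at least `threshold` xmlrpc.php POSTs
    within any `window` of time. Both defaults are assumptions for illustration;
    tune them to your own baseline of Jetpack/mobile-app traffic."""
    times = defaultdict(list)
    for rec in xmlrpc_posts(lines):
        times[rec["ip"]].append(rec["time"])

    flagged = []
    for ip, stamps in times.items():
        stamps.sort()
        start = 0
        for end, t in enumerate(stamps):
            # Slide the window start forward until it spans at most `window`.
            while t - stamps[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged.append(ip)
                break
    return sorted(flagged)


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for ip, n in posts_per_ip(lines).most_common():
        print(f"{ip:>15}  {n} POSTs to xmlrpc.php")
    print("suspicious:", suspicious_ips(lines, threshold=5))
```

Run it against a real log with `suspicious_ips(open("/path/to/access.log"), threshold=..., window=...)`; the single Jetpack POST in the sample is counted but not flagged, which is the behaviour you want so that legitimate clients are not mistaken for attackers.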
To protect your website from the attack, do one of the following:
- Install the Jetpack plugin in your WordPress installation. Its brute force protection feature blocks repeated failed login attempts, including those made through XML-RPC, while keeping the interface available for legitimate clients.
- Manually block all XML-RPC traffic at the web server. This is the simplest option, but it also breaks anything that legitimately relies on xmlrpc.php, including Jetpack and the WordPress mobile apps, so only choose it if you do not use them.
For the second option, on Apache/Linux, add the following entries to the virtual host configuration file:
    <VirtualHost>
        ...
        <Files xmlrpc.php>
            Order allow,deny
            Deny from all
        </Files>
    </VirtualHost>
Order and Deny are Apache 2.2 directives; on Apache 2.4 they only work if mod_access_compat is loaded, and the equivalent native directive is Require all denied. Check the configuration with apachectl configtest, then reload the web server. To confirm the block works, send a POST request to /xmlrpc.php and make sure the server answers with HTTP 403 instead of an XML-RPC response.