How To Block WordPress XML-RPC DDoS Attacks With NGINX

Blocking WordPress XML-RPC DDoS Attacks With NGINX

A WordPress XML-RPC attack is a type of HTTP layer 7 DDoS attack that abuses the XML-RPC APIĀ of WordPress based websites to send HTTP GET requests to a victim’s web server in order to overload and crash it. This type of application layer attack is a relatively common part of layer 7 attacks, because a lot of people who run WordPress websites keep Pingback and Trackback features enabled, which ensures the bad guys always have enough vulnerable WordPress servers available to initiate this type of attack against an unprotected victim. Continue reading