modsec rule to stop xmlrpc attack

By | 6 February 2019

Lots of attacks are made towards WordPress XML-RPC (xmlrpc.php), which can cause a slowdown in the server. Below is the modsec rule to stop xmlrpc attack:

#Block requests to xmlrpc.php with no referring URL
SecRule REQUEST_METHOD "POST" "deny,status:401,id:5000900,chain,msg:'xmlrpc request blocked, no referer'"
SecRule &HTTP_REFERER "@eq 0" "chain"
SecRule REQUEST_URI "xmlrpc.php"