While monitoring my server I noticed bulk traffic to the xmlrpc.php files of my hosted websites. As this is a shared server, there are over 40 WordPress installations on it, and that day I noticed a continuous attack on 8 of those websites: a single request to xmlrpc.php took on average 200MB to 250MB of memory, and these requests arrived continuously at 10 to 20 per second on each website. This caused system instability, my server ran out of memory, and it eventually crashed.
Nowadays attackers use xmlrpc.php instead of wp-login.php to run their brute-force attacks, and the problem is that since WordPress version 3.5 we can't disable xmlrpc.php, at least not from the WordPress settings. There are still a few ways to deal with it; let's discuss them one by one.
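Before choosing a mitigation it helps to measure the flood. As an added example (not code from the original post), this Python script parses Apache combined-format access-log lines, counts xmlrpc.php requests per source IP per second, and flags sources at or above a threshold; the log lines and IPs are constructed, and the default threshold of 10 per second mirrors the rate described above.

```python
import re
from collections import defaultdict

# Apache combined log format: ip ident user [timestamp] "METHOD path proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

def _line(ip, ts, path):
    """Build one constructed access-log line (sample data, not a real capture)."""
    return f'{ip} - - [{ts}] "POST {path} HTTP/1.1" 200 370 "-" "Mozilla/5.0"'

# Constructed sample: one IP hammering xmlrpc.php, another mostly hitting
# wp-login.php, plus a malformed line the parser must skip. IPs are from
# documentation ranges (RFC 5737), not real hosts.
TS = "10/Oct/2023:13:55:36 +0000"
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", TS, "/xmlrpc.php")] * 12
    + [_line("198.51.100.2", TS, "/xmlrpc.php")] * 3
    + [_line("198.51.100.2", TS, "/wp-login.php")] * 12
    + ["garbage line that does not parse"]
)

def xmlrpc_hits_per_second(log_text):
    """Return {(ip, timestamp_to_the_second): count} for requests to xmlrpc.php."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not valid combined-format entries
        path = m.group("path").split("?")[0]  # ignore any query string
        # endswith handles installs in subdirectories, e.g. /blog/xmlrpc.php
        if path.endswith("/xmlrpc.php"):
            counts[(m.group("ip"), m.group("ts"))] += 1
    return dict(counts)

def flag_sources(log_text, threshold=10):
    """Sorted IPs that sent >= threshold xmlrpc.php requests within any one second."""
    flagged = {ip for (ip, _ts), n in xmlrpc_hits_per_second(log_text).items()
               if n >= threshold}
    return sorted(flagged)

if __name__ == "__main__":
    print(flag_sources(SAMPLE_LOG))  # prints ['203.0.113.7']
```

Run it against a real access log by replacing SAMPLE_LOG with the file contents; the flagged list is a starting point for rate limiting or blocking at the web server or firewall.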
1. Deleting xmlrpc.php
This is not recommended, because every WordPress update will restore the file, so it is not the smartest way to deal with the problem.