xmlrpc.com is a WordPress file that was intended to be used for API’s but lately it’s more and more used as a way for hackers to brute-force WordPress installations.
To list all IP addresses that sent requests to /xmlrpc.php in last hour, run command:
grep "$(date -d '1 hour ago' +'%d/%b/%Y:%H')" /var/log/apache2/domlogs/*-ssl_log | grep "/xmlrpc.php" | awk '{print $1}' | sort | uniq -c | sort -nr | head -n 10
To block access to xmlrpc.php on a single WordPress installation add the following code to your .htaccess file:
<Files xmlrpc.php>
order deny,allow
deny from all
allow from 127.0.0.1
</Files>
And in WHM to block access to xmlrpc.php file for all websites hosted on cPanel, add the following to WHM > Service Configuration > Apache Configuration > Include Editor
<IfModule mod_alias.c>
RedirectMatch 301 /xmlrpc.php http://127.0.0.1/
</IfModule>
![How to stop xmlrpc.php attacks on Cpanel / WHM whm prevent xmlrpc attack 1024x828 - How to stop xmlrpc.php attacks on Cpanel / WHM](https://i0.wp.com/pcx3.com/wp-content/uploads/2021/03/whm-prevent-xmlrpc-attack.png?resize=736%2C595&ssl=1)
All request to xmprpc.php file across all cPanel account will be blocked.