How to stop xmlrpc.php attacks on Cpanel / WHM is a WordPress file that was intended to be used for API’s but lately it’s more and more used as a way for hackers to brute-force WordPress installations.

To block access to xmlrpc.php on a single WordPress installation add the following code to your .htaccess file:

<Files xmlrpc.php>
order deny,allow
 deny from all
 allow from

And in WHM to block access to xmlrpc.php file for all websites hosted on cPanel, add the following to WHM > Service Configuration > Apache Configuration > Include Editor

<IfModule mod_alias.c>
  RedirectMatch 301 /xmlrpc.php
whm prevent xmlrpc attack 1024x828 - How to stop xmlrpc.php attacks on Cpanel / WHM

All request to xmprpc.php file across all cPanel account will be blocked.

Stefan Pejcic
Join the discussion

I enjoy constructive responses and professional comments to my posts, and invite anyone to comment or link to my site.