Fix for wordpress xmlrpc.php ddos attack

The last two days we had major hassle from people doing a kinda DDOS on the xmlrpc by trying to ping back urls, I was banning Ip’s as fast as they popped up, but there were just too many, I altered the name of the file, but that doesn’t help, cause then the idiots get served the 404 page, and thats still a massive load on so many connections, I tried altering permissions, and also tried adding code i found into the theme functions.php, but nothing seemed to help, until I found this…

RewriteRule ^xmlrpc\.php$ “http\:\/\/0\.0\.0\.0\/” [R=301,L]

I added this to the .htaccess and loads dropped from 90% to a more reasonable 3% within a few seconds. all it does is redirect the fools to a url, so it doesnt even have to serve them the 404 not found pages.

Worked great, and gave me time to properly ban the offending IPs