Protect WordPress from XML-RPC Attacks




WordPress utilizes XML-RPC to remotely execute functions. This maybe the cause of “Error connecting to database” if there’s no issue with the database. To recognize an XML-RPC attack, Search the Apache log files for XML-RPC attacks:
# grep xmlrpc /var/log/httpd/access_log
and seeing many entries similar to “POST /xmlrpc.php HTTP/1.1 …”

To Manually block all xml-rpc traffic, add the following in httpd.conf or inside the VirtualHost. httpd.conf is located in /etc/httpd/conf/httpd.conf

<VirtualHost>
…    
    <files xmlrpc.php>
      order allow,deny
      deny from all
    </files>
</VirtualHost>

Check the httpd syntax and restart:
# httpd -t
# systemctl restart httpd