How to block access to xmlrpc.php file?

Discussion in 'General OpenLiteSpeed Discussion' started by Mohsen Ghiasi, Mar 13, 2017.

  1. Mohsen Ghiasi

    Mohsen Ghiasi New Member

    Hello
    I use this code in httpd.conf to block access to xmlrpc.php file that kills many wordpress based websites every day ;-)
    Code:
    <FilesMatch "^(xmlrpc\.php|wp-trackback\.php)">
    Order Deny,Allow
    Deny from all
    </FilesMatch>
    Is it possible to add a rewrite rule to block access to some files like xmlrpc.php?
    If you use wordpress and security plugins please share your working codes that work.
    Thanks a lot
     
  2. lsfoo

    lsfoo Administrator

    Hi @Mohsen Ghiasi

    You could try a rewrite rule based deny:

    Code:
    RewriteRule ^(xmlrpc\.php|wp-trackback\.php) - [F,L,NC]
     
    Mohsen Ghiasi likes this.
  3. Mohsen Ghiasi

    Mohsen Ghiasi New Member

    Worked by adding a "/"
    Code:
    RewriteRule ^/(xmlrpc\.php|wp-trackback\.php) - [F,L,NC]
    Thank you so much :)
     
    lsfoo likes this.
  4. lsfoo

    lsfoo Administrator

    Excellent, glad to hear it worked out!
     
    Mohsen Ghiasi likes this.

Share This Page