Oftentimes, malicious traffic is created by rapidly accessing a xmlrpc.php file, creating a high server load, or causing limits to be reached on the server. Configuring a .htaccess file to disable xmlrpc in a cPanel account can provide better security.
Procedure
- Log in to the affected cPanel account.
- Go to “Home / Files / File Manager”.
- Access public_html (or your website content’s document root).
- Create a new file named .htaccess or edit the existing file.
- Paste the following code into the file:
# Block WordPress xmlrpc.php requests <Files xmlrpc.php> Require ip xxx.xxx.xxx.xxx Require all denied </Files>