Prevent DDoS against xmlrpc.php (WordPress) with ModSecurity

Many attacks target the WordPress XML-RPC endpoint (xmlrpc.php), which can slow the server down.

If an IP sends 5 queries or more, drop its connections for 120 s. Also, decrease the count by 2 every 60 seconds.

ModSecurity – USAGE:

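# Open the per-IP persistent collection (persistent collections require SecDataDir to be configured).
SecAction "phase:1,id:400000,t:none,pass,nolog,initcol:global=global,initcol:ip=%{remote_addr}"
# Count xmlrpc.php requests per IP (decays by 2 per 60 s, expires after 120 s); drop when the counter is above 5.
SecRule REQUEST_URI "/xmlrpc\.php" "id:400001,nolog,drop,chain,phase:1,setvar:ip.ddos=+1,deprecatevar:ip.ddos=2/60,expirevar:ip.ddos=120"
SecRule IP:DDOS "@gt 5" "nolog"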
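
To check these thresholds against your own traffic before enabling the rule, the counter can be replayed over an access log. This is an added example, not part of the original page or of ModSecurity: the function names and log lines are constructed, and the model assumes linear decay since the last hit and that only xmlrpc.php requests touch the counter. It shows that with "@gt 5" the sixth hit in a burst is the first one dropped, and that slow clients never reach the limit.

```python
import re
from datetime import datetime

# Values copied from the rule on this page
THRESHOLD = 5                 # SecRule IP:DDOS "@gt 5"
DECAY, DECAY_SECS = 2, 60     # deprecatevar:ip.ddos=2/60
EXPIRE_SECS = 120             # expirevar:ip.ddos=120

# Apache common/combined log: client IP, [timestamp], "METHOD URI ..."
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)')

def _line(ip, hhmmss, path="/xmlrpc.php"):
    return f'{ip} - - [10/Oct/2024:{hhmmss} +0000] "POST {path} HTTP/1.1" 200 370'

# Constructed sample log (documentation IP ranges), not real traffic
SAMPLE_LOG = (
    [_line("203.0.113.7", f"10:00:{s:02d}") for s in range(8)]       # burst of 8 hits
    + [_line("198.51.100.4", t) for t in ("10:00:00", "10:00:40", "10:01:20")]
    + [_line("203.0.113.7", "10:00:30", "/wp-login.php")]            # other URI, ignored
    + [_line("203.0.113.7", "10:05:00")]                             # after 120 s of silence
)

def replay(lines):
    """Return {ip: [log timestamps of requests the rule would drop]}."""
    events = []
    for raw in lines:
        m = LINE.match(raw)
        if m and "/xmlrpc.php" in m.group(3):   # same test as REQUEST_URI "/xmlrpc\.php"
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
            events.append((int(ts.timestamp()), m.group(1), m.group(2)))
    state, dropped = {}, {}
    for now, ip, stamp in sorted(events):
        count, last, expires = state.get(ip, (0, now, now + EXPIRE_SECS))
        if now >= expires:                      # expirevar: the counter was removed
            count, last = 0, now
        count += 1                              # setvar:ip.ddos=+1
        # deprecatevar, modelled as linear decay since the last hit (assumption)
        count = max(0, count - (now - last) * DECAY // DECAY_SECS)
        state[ip] = (count, now, now + EXPIRE_SECS)   # expiry restarts on every hit
        if count > THRESHOLD:
            dropped.setdefault(ip, []).append(stamp)
    return dropped

if __name__ == "__main__":
    for ip, stamps in replay(SAMPLE_LOG).items():
        print(ip, "would be dropped at", stamps)
```

Because the counter is incremented even on dropped requests, a client that keeps sending stays blocked until it slows down or goes quiet for 120 s.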