nginx: Blocking Access to /xmlrpc.php

Posted in System Administration


I recently ran into an issue on a WordPress site running behind an nginx web server. The site was frequently being attacked by a botnet hitting /xmlrpc.php so rapidly that it would eventually force the FastCGI processes behind nginx to consume all available CPU. Naturally, this would cause all legitimate traffic to the site to time out. My solution was to insert the following in the nginx configuration for the site:

location = /xmlrpc.php {
    deny all;
}

Although this change did not stop the brute-force attack, nginx was able to handle it much more elegantly (read: not cratering the server) than php-cgi.
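
One way to confirm the rule is taking effect is to read the access log afterwards. The script below is an added example, not code from the original post: it assumes nginx's default "combined" log format, uses constructed sample lines, and counts /xmlrpc.php requests per client, separating those nginx answered with 403 from any that were still served. The function name `summarize_xmlrpc` is hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in nginx's default "combined" log format
# (documentation-range IP addresses; not taken from the original post).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 403 162 "-" "bot/1.0"
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 403 162 "-" "bot/1.0"
198.51.100.23 - - [10/Mar/2024:10:00:02 +0000] "POST /xmlrpc.php?x=1 HTTP/1.1" 403 162 "-" "bot/1.0"
192.0.2.10 - - [10/Mar/2024:10:00:03 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Mar/2024:10:00:04 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "bot/1.0"
this line is malformed and must be skipped
"""

# Captures: client IP, request method, request target, response status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')


def summarize_xmlrpc(log_text, path="/xmlrpc.php"):
    """Count requests for `path` per client: (denied with 403, not denied)."""
    denied, passed = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, _method, target, status = m.groups()
        # `location = /xmlrpc.php` is matched against the URI without its
        # query string, so strip the query before comparing.
        if target.split("?", 1)[0] != path:
            continue
        # Compare the status field, not the byte count that follows it.
        (denied if status == "403" else passed)[ip] += 1
    return denied, passed


if __name__ == "__main__":
    denied, passed = summarize_xmlrpc(SAMPLE_LOG)
    print("Denied by nginx (403):")
    for ip, count in denied.most_common():
        print(f"  {ip:15} {count}")
    print("Not denied (rule missing or logged before the change):")
    for ip, count in passed.most_common():
        print(f"  {ip:15} {count}")
```

Any client listed under "Not denied" after the configuration has been reloaded means the request is still reaching the PHP backend and the `location` block is not being applied to that server block.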
