Wordpress

How to Stop XMLRPC Attack in WordPress

Posted on
XML-RPC Attack
Saw a HTTP attack, it sent 12 to 20 requests per second on /xmlrpc.php, then made web server jam. In HTTP access log, we saw a lot of requests like this: 35.185.90.35 – – [03/Mar/2019:21:35:40 -0500] “POST /xmlrpc.php HTTP/1.1” 200 401 35.185.90.35 – – [03/Mar/2019:21:35:40 -0500] “POST /xmlrpc.php HTTP/1.1” 200 401 35.185.90.35 – – [03/Mar/2019:21:35:40 […]
Apache

How to Prevent Visitors From Accessing Website Via Server IP

Posted on
Visitors may sometimes access your server by a pretty raw manner which contains the most specific matching IP address. For instance, suppose the server IP is 123.123.123.123, they might access the server via http://123.123.123.123/ in any browser on purpose. If there’s no website or web page in the server document root (i.e. /var/www/html), httpd will return the […]
PHP

How to Validate a URL in PHP

Posted on
You don’t have to retrieve all content of a URL to determine the page is valid or not, just get the status code from URL’s header. Therefore, you need a function to handle it. In this post, I demonstrate a function in PHP for an example of retrieving the HTTP status code of URL, you […]