How to Stop XMLRPC Attack in WordPress

Posted on
XML-RPC Attack
Saw a HTTP attack, it sent 12 to 20 requests per second on /xmlrpc.php, then made web server jam. In HTTP access log, we saw a lot of requests like this: – – [03/Mar/2019:21:35:40 -0500] “POST /xmlrpc.php HTTP/1.1” 200 401 – – [03/Mar/2019:21:35:40 -0500] “POST /xmlrpc.php HTTP/1.1” 200 401 – – [03/Mar/2019:21:35:40 […]

How to Prevent Visitors From Accessing Website Via Server IP

Posted on
Visitors may sometimes access your server by a pretty raw manner which contains the most specific matching IP address. For instance, suppose the server IP is, they might access the server via in any browser on purpose. If there’s no website or web page in the server document root (i.e. /var/www/html), httpd will return the […]

How to Validate a URL in PHP

Posted on
You don’t have to retrieve all content of a URL to determine the page is valid or not, just get the status code from URL’s header. Therefore, you need a function to handle it. In this post, I demonstrate a function in PHP for an example of retrieving the HTTP status code of URL, you […]