Replies: 0
I am seeing a hit almost every few minutes (almost all random international countries) in live traffic that show a few different page visits per hit with some variation of the following:
mydomain.com/xmlrpc.php
mydomain.com/wp-login
mydomain.com/401.shtml
(and then usually it shows the wp-login attempt again and then the 401.shtml one more time).
Do you know how I can stop this? I was thinking of adding something like:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{HTTP_REFERER} !.*example.com.* [NC]
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
RewriteRule ^(.*)$ – [F]
</IfModule>
To the top of my .htaccess, would that help? Any suggestions?
Also is Wordfence making them reach the 401.shtml page or is that for a different reason?
I know my WordPress version is old (we are in the process of trying to update it) but in the meantime I wanted to figure out a fix.
Thank you for your help.