Using Squid to block WordPress XMLRPC attacks

Have you been hit with a lot of XMLRPC-based attacks on your WordPress installation?
Are attackers trying to insert malware into your WordPress installation (soak-soak)?

I have a simple solution to share with you.

Since this website uses the BNShosting web mirror service, I thought of using the Squid service to block the tons of WordPress XMLRPC attacks before they ever reach the origin server.

In your Squid proxy configuration (squid.conf), add the following entries:

# for Identifying WordPress xmlrpc attacks in URL
acl wordpressAttackers url_regex xmlrpc
acl wordpressAttackers1 url_regex wp-includes/template-loader.php

# Block WordPress XMLRPC attackers
# (keep these above any http_access allow line; Squid applies the first rule that matches)
http_access deny wordpressAttackers
http_access deny wordpressAttackers1

Save the file, then restart the Squid service.
The next time a hacker attempts to brute force your password or insert malware via xmlrpc or /template-loader.php, the Squid service will deny the attempt and filter these attacks before they even get to the source server.
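
To confirm the deny rules are taking effect, the following script (an added example, not part of the original post) applies the same two patterns to Squid's native access.log format and counts, per client, how many matching requests were denied and how many still got through. The sample log lines, addresses and hostname are constructed for illustration, and the script assumes the default native log format.

```python
import re
from collections import Counter

# The two url_regex patterns, copied as-is from the squid.conf entries above.
PATTERNS = [re.compile(r"xmlrpc"),
            re.compile(r"wp-includes/template-loader.php")]

# Constructed sample lines in Squid's default native access.log format:
# time elapsed client result/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1418900001.101      0 203.0.113.5 TCP_DENIED/403 3912 POST http://www.example.com/xmlrpc.php - HIER_NONE/- text/html
1418900001.350      0 203.0.113.5 TCP_DENIED/403 3912 POST http://www.example.com/xmlrpc.php - HIER_NONE/- text/html
1418900002.007    412 198.51.100.9 TCP_MISS/200 15320 GET http://www.example.com/ - HIER_DIRECT/192.0.2.10 text/html
1418900003.220      0 198.51.100.77 TCP_DENIED/403 3950 GET http://www.example.com/wp-includes/template-loader.php - HIER_NONE/- text/html
1418900004.900    250 203.0.113.40 TCP_MISS/200 420 POST http://www.example.com/xmlrpc.php - HIER_DIRECT/192.0.2.10 text/xml
"""


def audit(log_text):
    """Return (denied, passed): per-client counts of requests matching the ACL patterns."""
    denied, passed = Counter(), Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # skip blank or truncated lines
        client, result, url = fields[2], fields[3], fields[6]
        if not any(p.search(url) for p in PATTERNS):
            continue  # request is unrelated to the two ACLs
        # Squid logs requests refused by http_access as TCP_DENIED.
        if result.startswith("TCP_DENIED/"):
            denied[client] += 1
        else:
            passed[client] += 1  # matched a pattern but was still served
    return denied, passed


if __name__ == "__main__":
    denied, passed = audit(SAMPLE_LOG)
    for client, n in denied.most_common():
        print(f"denied  {n:4d}  {client}")
    for client, n in passed.most_common():
        print(f"PASSED  {n:4d}  {client}  <- check http_access rule order")
```

To run it against a real log, pass the contents of your access.log to audit() instead of SAMPLE_LOG. Any client listed as PASSED means a matching request reached the origin server, which usually points to an http_access allow line placed above the deny lines.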
