I read near the end of this guide regarding utilizing SSHguard to protect WordPress from Brute force attacks that after configuring SSHguard the relevant way, one must:
disable XML-RPC by blocking all remote access to /xmlrpc.php in your
web server configuration.
-
I don’t use XML-RPC in any of my websites.
-
I use Nginx as my web server.
I’m not sure what is the best way to totally block XML-RPC. Nginx conf for each site? WP-CLI operation per site?
What is the common way to do so?
2 Answers
On nginx, to block access to the xmlrpc.php file, add this location block to the server block of your configuration file:
location ~ ^/(xmlrpc\.php) {
deny all;
}