server crash due to ddos attack xmlrpc.php

Operating System & Version
CentOS v7.9.2009 STANDARD standard
cPanel & WHM Version

Gabriel Esteban

Dec 13, 2021
cPanel Access Level
Root Administrator
Hello, I have a problem with a DDOS attack carried out on the xmlrpc.hph files of my host.
We have detected that the host has a high CPU consumption, checking the load indicates that there are many processes of the type: /opt/cpanel/ea-php74/root/usr/bin/php-cgi /home/DOMAIN.LTD/public_html /index.php
and in the apache status it indicates many requests of the type:
http/1.1 POST /xmlrpc.php HTTP/1.1

This happens to me if I have port 80 open, since if I only leave port 443 open, the server consumes little cpu or an acceptable pcu again.

We have assumed that it is a security problem in the wordpress xmlrpc.php file and we have taken the following measures:

in apache in the configuration directory we have created a configuration file to prevent the loading of the file if requested
inside /etc/apache2/conf.d I have created the file xmlrpc.conf with the following code:
<files xmlrpc.php>
Require all denied
I have also created my own configuration according to cpanel instructions:
We have also put in wordpress the necessary measures for blocking in htaccess.

Even so, as soon as I open port 80, Apache starts to increase consumption and blocks the server.
Let's see if someone can give me a hint to improve security.


Last edited by a moderator:


Jurassic Moderator
Staff member
Oct 19, 2014
cPanel Access Level
Root Administrator
Hey there! If the DDoS is that large that it is taking the server offline, it would be best to reach out to your hosting provider to see if there is anything they can offer to handle this outside of your machine. Anything you do on the server side will still mean that your system needs to handle all that traffic, so it will still be slower than necessary.

You could try using a tool like mod_evasive:

but it sounds like these attacks are already more than that will handle.