The XML-RPC support in WordPress looks good in practice, but unfortunately it is commonly abused for denial-of-service (DoS) attacks: data is posted automatically to the xmlrpc.php script at very short intervals. This eventually overloads PHP, increases the CPU load, and makes the affected website inaccessible.

This can be mitigated via NGINX using the following location block inside the server block:

location = /xmlrpc.php {
    deny all;
    access_log off;
    log_not_found off;
    # 444 is NGINX-specific: close the connection without sending a response
    return 444;
}

The 444 response is unique to NGINX: it causes NGINX to close the connection without sending any response. This saves your server’s processing power, since the request is never handed to PHP.

Do note that this will cause WordPress plugins that rely on xmlrpc.php to fail completely, so use it with caution.




I had the good opportunity of ending up on Jim Westgren’s article about using Redis as a front end cache and it didn’t take long for me to try it on one of my virtual boxes. The results were unbelievable, pages that were taking about 0.2 to 1.2 seconds were now loading at 0.0025 second […]



I converted one of my websites today with static html pages to WordPress. Problem is I don’t want to lose the URLs on that site since they were already good as is. Solution, install WordPress on a different directory first – www.domain.com/wp/ then after the content has been transferred/copied, route it to www.domain.com. 1. I […]
