_ck_

Always delete xmlrpc.php immediately from virtually all WP installs.
It’s responsible for several of the security issues with WP over the years, and it also allows unlimited password attempts. You can live without the mostly spam trackbacks for the safety of it being gone.

If you are on a dedicated or VPS (and you should be) I highly recommend the (free) configserver firewall http://configserver.com/cp/csf.html – it’s not just for cpanel anymore and it’s extremely good about blocking too many connections.

Last but not least when you can’t solve a ddos, replace apache with something like litespeed which is a drop in replacement (uses httpd.conf and .htaccess files directly unlike nginx). There is a free version and it can weather a ddos when apache would be long dead. Even automattic uses litespeed to this very day.

Name *

Email *

Website:

Topic Title (Maximum Length: 80):

Forum:
— No forum —AI and WordPress Articles Blocks Showcase Discussions Events Introductions Jobs and Working in WordPress Podcast Episodes Site and Block Editor