WordPress hacking attack from xmlrpc
Safe and Secure WordPress uses are not easy. Hackers are always trying to hack your WordPress site. WordPress site hacking is simple if you not using security. An important php file of your WordPress root folder is xmlrpc.php. You can check the status of your xmlrpc.php file. Go Browser and type http://www.yourdomain.com/xmlrpc.php. If it says the message “XML-RPC server accepts POST requests only.” So, you may face xmlrpc attack.
xmlrpc.php script supports WP function to remotely publish posts via email and get pingbacks. Hackers are going to the root of your WordPress site and inject some scripts via xmlrpc DDoS attacks to get your username and password.
Block the xmlrpc hacking attempt
Blocking xmlrpc hacking, you should edit your .htacess file. Simply paste the following code to the below of default code.
# BEGIN protect xmlrpc.php
deny from all
# END protect xmlrpc.php
After doing that go your dashboard and click settings than go discussion. There look default article settings. Top two item must be unmarked. Thanks all.