If you run a high-traffic website and look at its access log or SSL access log, you may find a lot of spam URL requests.
In one day's access log for my website, I found 90000 //xmlrpc.php requests and 40000 //wp-cron.php requests. Requests of this kind will not be blocked by spam software because the request source IP and request frequency are regular.
But these requests are completely useless and only cost your website bandwidth and slow down your web server. So we should block them ourselves.
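To find which URLs are worth blocking, the access log can be tallied per path. The script below is an added example, not code from the original post: it assumes the Apache combined log format, the log lines are constructed samples, and the function names and the `min_share` threshold are illustrative choices.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in Apache combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.10 - - [12/Mar/2024:10:00:01 +0000] "POST //xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
203.0.113.11 - - [12/Mar/2024:10:00:02 +0000] "POST //xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2024:10:00:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
203.0.113.12 - - [12/Mar/2024:10:00:04 +0000] "GET //wp-cron.php?doing_wp_cron=1 HTTP/1.1" 200 0 "-" "WordPress"
203.0.113.12 - - [12/Mar/2024:10:00:05 +0000] "GET //wp-cron.php?doing_wp_cron=2 HTTP/1.1" 200 0 "-" "WordPress"
192.0.2.44 - - [12/Mar/2024:10:00:06 +0000] "GET /blog/post-1/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.45 - - [12/Mar/2024:10:00:07 +0000] "GET /index.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
this line is malformed and is skipped
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def normalize_path(target):
    """Drop the query string and collapse repeated slashes (//xmlrpc.php -> /xmlrpc.php)."""
    path = target.split("?", 1)[0]
    return re.sub(r"/{2,}", "/", path)

def summarize(log_text):
    """Return {path: (hits, unique_client_ips)} for every parseable line."""
    hits = Counter()
    clients = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines
        ip, _method, target, _status = m.groups()
        path = normalize_path(target)
        hits[path] += 1
        clients[path].add(ip)
    return {p: (n, len(clients[p])) for p, n in hits.items()}

# min_share is an illustrative threshold (assumption); tune it for your own traffic.
def block_candidates(log_text, min_share=0.25, only_suffix=".php"):
    """Paths ending in only_suffix that account for at least min_share of all requests."""
    stats = summarize(log_text)
    total = sum(n for n, _ in stats.values())
    found = [(p, n, ips) for p, (n, ips) in stats.items()
             if p.endswith(only_suffix) and total and n / total >= min_share]
    return sorted(found, key=lambda row: -row[1])

if __name__ == "__main__":
    for path, n, ips in block_candidates(SAMPLE_LOG):
        print(f"{n:6d} hits from {ips} IPs  {path}")
```

Normalizing the path first means `//xmlrpc.php` and `/xmlrpc.php` are counted as one URL, and the unique-IP column shows whether the hits come from a few clients or are spread across many.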
1. Block Special URL Request In .htaccess File.
If your web server runs as a standalone server and does not use any CDN service, you can block such URL requests in your website’s .htaccess file. This is the so-called local block.
- Run the ssh command to log in to your Linux server.
- Go to your website root folder (usually the /home/your_user_name/public_html folder).
- Run the vim command to edit the .htaccess file.
- Press the esc key, then the i key, to enter input mode. Enter the content below in the .htaccess file.

    # Block WordPress xmlrpc.php requests
    <Files xmlrpc.php>
        # Deny all clients, except the address on the allow line
        order deny,allow
        deny from all
        # Replace xxx.xxx.xxx.xxx with the IP address that may still reach xmlrpc.php
        allow from xxx.xxx.xxx.xxx
    </Files>

- Press the esc, :, w, q, ! keys to save the changes and exit the vim editor.
- The disadvantage of this method is that the spam traffic still arrives at your origin web server, so it cannot improve web server speed and performance much.
2. Block Special URL Request In CDN Server.
If your website uses a CDN service (for example Cloudflare), you can block special URL requests by adding a firewall rule in the CDN service. This can greatly reduce your website’s spam traffic because the spam URL requests never arrive at your website. This is the so-called cloud block.
2.1 Create Cloudflare Firewall Rule To Block Special URL Request.
- Log in to your Cloudflare account.
- Click the Firewall button in the top navigation bar, then click the Firewall Rules link under the Firewall button.
- Click the Create a Firewall rule button on the right side to create a new firewall rule.
- Input a Rule name on the next page.
- Add one or more match conditions for incoming requests in the When incoming requests match… area. Multiple match conditions can be combined with And / Or.
- In this example I select URI in the Field drop-down list, select Contains in the Operator drop-down list, and input /abc.php in the Value text box to create the first match condition.
- Then I click the And button at the end of that match condition and add a second match condition on the query string (Field (URI Query String), Operator (contains), Value (username)).
- Select Block from the Choose an action drop-down list at the bottom of the page.
- Click the Deploy button to deploy the firewall rule.
- Now all traffic that matches the above conditions will be blocked on the Cloudflare side. This will reduce traffic pressure on the origin web server and improve server speed and performance.