Create the configuration file:
1 | touch /etc/apache2/conf-available/block-wp-xmlrpc.conf |
Fill it with the following contents:
1 2 3 4 5 6 | <Directory /home/*/public_html/*/> <files xmlrpc.php> order allow,deny deny from all </files></Directory> |
And then enable it:
1 2 | a2enconf block-wp-xmlrpc.confservice apache2 reload |
When looking for advise on hardening your WordPress sites many blogs recommend adding the following in a .htaccess file in each sites upload folder:
1 2 3 | <Files *.php>Deny from All</Files> |
For those of us with a large amount of WordPress Sites, this is obviously labor prohibitive. If you have a regularized folder structure you may be able to do something like this:
1 2 3 4 5 6 | <Directory /home/*/public_html/*/wp-content/uploads> <FilesMatch "\.(php|php\.)$"> Order Allow,Deny Deny from all </FilesMatch></Directory> |
And put it into a Apache configuration file as such:
And then enable it:
1 | a2enconf block-wp-uploads-php.conf |