I added this to .htaccess of a WordPress site:
<files xmlrpc.php>
order allow,deny
deny from all
</files>
It works, when someone tries to access http://example.com/xmlrpc.php, this message is displayed:
Forbidden
You don't have permission to access /xmlrpc.php on this server.
But still, the log displays (less /var/log/apache2/error.log):
[Thu May 02 10:02:03.316061 2019] [access_compat:error] [pid 19467]
[client 1.2.3.4:49409] AH01797: client denied by server
configuration: /path/to/xmlrpc.php
How to deny access to xmlrpc.php (possibly from .htaccess) but prevent it to appear in the Apache logs?
from Deny xmlrpc.php file but don't log the failed requests
No comments:
Post a Comment