EE does not seem to have any nginx location configs for xmlrpc attacks, any suggestions on how best to deal with these?

For anyone who wants to prevent the xmlrpc Brute Force Attack, you can simply deny all access to the file via nginx:

location = /xmlrpc.php {
    deny all;

Warning: this will prevent some third party services (valutpress) from working.

1 Like


Nice one, also you can delete xmlrpc.php if not needed.

Hello @datagroove

It’s been a long time, and we haven’t heard from you. It looks like your issue is resolved.

I am closing this support topic for now. Feel free to create a new support topic if you have any queries further. :slight_smile: