[ad_1]
Hello,
My XMLRPC file is currently being brute forced by what I assume is a bot that is guessing usernames like “admin” “test” etc… I can’t block an IP because it changes the IP every time it gets it wrong.
I’m not completely sure but it seems that if I have Cloudflare in “I’m Under Attack!” mode it resolves the problem, but I don’t want to keep it in that setting forever.
I can disable XMLRPC, but I run WooCommerce and potentially other plugins that use it. I understand that I can allow only certain IPs to access XMLRPC, how would I find these IPs, like WooCommerce’s IP and would I need any other IPs other than the plugins?
Thank you so much!
\- Michael
[ad_2]