nginx wordpress xmlrpc protect from brutal attack

I wish my xmlrpc.php only accessible by wordpress-jetpack and thrown 404 to anyone else

I tried

location ~ /xmlrpc.php {
      if ($http_user_agent !~* ".*jetpack.*") {
            return 403;
      }
}

I still get error when try connect my site from wordpress.com

2017/04/16 09:28:39 [error] 24200#24200: *1453 access forbidden by rule, client: 162.158.69.63, server: example.com, request: "POST /xmlrpc.php?for=jetpack&token=4xm%28

how do I create a redirect rules if $request_uri not contain “jetpack” then return 404 ?

Read more here: nginx wordpress xmlrpc protect from brutal attack

Leave a Reply

Your email address will not be published. Required fields are marked *