Mitigate wp.getUsersBlogs xmlrpc.php attacks and enumeration scans
It should be possible to mitigate this wp.getUsersBlogs enumeration scan with a filter, which we put in our THEME functions.php
file. It works the same way as the filter below that disables the pingback.ping
method: the xmlrpc_methods filter receives the table of method name => handler, and any name removed from it is answered with an XML-RPC fault instead of being executed. Note the exact spelling of the key, wp.getUsersBlogs (with the s); a misspelt key removes nothing and gives no error.
[php]
// Remove wp.getUsersBlogs from the XML-RPC method table.
add_filter( 'xmlrpc_methods', function ( $methods ) {
    unset( $methods['wp.getUsersBlogs'] );
    return $methods;
} );
[/php]
Or the same thing written with a named callback, here removing pingback.ping:
[php]
// Remove pingback.ping from the XML-RPC method table.
add_filter( 'xmlrpc_methods', 'remove_xmlrpc_pingback_ping' );
function remove_xmlrpc_pingback_ping( $methods ) {
    unset( $methods['pingback.ping'] );
    return $methods;
}
[/php]
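The two filters above combined into one must-use plugin, as an added example that is not code from the original post. It goes in wp-content/mu-plugins/ rather than the theme's functions.php so it keeps running after a theme switch, and it goes one step beyond the post by also removing system.multicall, which lets a single request carry many wp.getUsersBlogs calls. The function names are made up for this example; the filter name xmlrpc_methods, the method names and the fault code are WordPress's own.

```php
<?php
/*
Plugin Name: Drop abusable XML-RPC methods
Description: Added example, not the original post's code. Removes
wp.getUsersBlogs, pingback.ping and system.multicall from the XML-RPC table.
*/

// Method names to strip. wp.getUsersBlogs and pingback.ping are the two the
// post discusses; system.multicall is an addition beyond the post.
function example_xmlrpc_denied_methods() {
    return array(
        'wp.getUsersBlogs',
        'pingback.ping',
        'system.multicall',
    );
}

// Callback for the 'xmlrpc_methods' filter. $methods maps method name => handler.
// A name absent from this table makes the IXR server answer with fault -32601
// ("requested method ... does not exist") before any handler runs.
function example_remove_xmlrpc_methods( $methods ) {
    foreach ( example_xmlrpc_denied_methods() as $name ) {
        unset( $methods[ $name ] );
    }
    return $methods;
}

// Priority 99: run after plugins that register methods at the default 10,
// so a plugin re-adding one of these names still loses.
add_filter( 'xmlrpc_methods', 'example_remove_xmlrpc_methods', 99 );

// Verify from a shell (replace the host with your own):
// curl -s -d '<methodCall><methodName>wp.getUsersBlogs</methodName><params><param><value>x</value></param><param><value>y</value></param></params></methodCall>' https://example.com/xmlrpc.php
// Expect a <fault> with faultCode -32601. A faultCode of 403 ("Incorrect
// username or password.") means the method is still registered and reachable.
```

The curl check is the important part: the filter fails silently if the method name is misspelt, so test it after every deploy rather than trusting the code.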
from
ADDED 15/07/2014
The best solution so far: the filters above still let every request boot WordPress before the method is refused, whereas this rule is answered by the web server before PHP runs, so it does not produce high CPU usage under a flood. It does cut off every legitimate XML-RPC client as well (Jetpack, the WordPress mobile apps, remote publishing tools), so use it only if you need none of them.
Add the following to the .htaccess file:
[bash]
# Redirect every request for xmlrpc.php away from the site. The dot is escaped
# so the pattern matches only the literal file name.
RewriteEngine On
RewriteRule ^xmlrpc\.php$ http://0.0.0.0/ [R=301,L]
[/bash]
From:
http://wordpress.org/support/topic/resolving-xmlrpcphp-ddos-attack-with-htaccess-redirect