The majority of trash WordPress traffic is targeting wp-login.php with bruteforces and xmlrpc.php for pingback/dos attacks.
A simple solution? Enforce IP based ACLs via your web server.

Apache 2.4 .htaccess Example:

1
2
3
4
5
<Files wp-login.php>
 Require all denied
 # your IP below
 Require ip xxx.xxx.xxx.xxx
</Files>
1
2
3
4
5
<Files xmlrpc.php>
 Require all denied
 # your IP below
 Require ip xxx.xxx.xxx.xxx
</Files>

Leave a Reply

*