zm11011 on "[Plugin: Wordfence Security] brute force attack from multiple locations."

Hi I run the paid Wordfence, Over the last few days I have noticed multiple failed login attempts every few minutes and it is through xmlrpc.php

and they're all from different IP addresses, from different locations around the world. so It never get blocked or locked out or throttled as they are all from different IPs and locations.

I can see they are trying same useame for few days and then other same useame for few days. but they are from different IPs and locations every single time.

Can advise any solution?

Thanks

https://wordpress.org/plugins/wordfence/

My solution:

1. Install and enable plugin "Disable XML-RPC"
2. Rename XML-RPC file in site root so it ceases to exist.
3. Add to .htaccess
<Files xmlrpc.php>
deny from all
</Files>
4. Use country blocking whenever possible.
5. Thank the WordPress developers for their nice little bot attractant known as xmlrpc.php. It's so kind of them to give us ways to enjoy watching swarms of bots take down our websites.

6. See https://wordpress.org/support/topic/xmlrpcphp-attack-on-wordpress-38?replies=28

MTN

Hi.

Thanks for the answer.

but does disabling XML-RPG broke things such as jetpack plugin and other mobile APP?

is there any other way to solve this?