I added this to .htaccess
of a WordPress site:
<files xmlrpc.php>
order allow,deny
deny from all
</files>
It works, when someone tries to access http://example.com/xmlrpc.php
, this message is displayed:
Forbidden
You don't have permission to access /xmlrpc.php on this server.
But still, the log displays (less /var/log/apache2/error.log
):
[Thu May 02 10:02:03.316061 2019] [access_compat:error] [pid 19467]
[client 1.2.3.4:49409] AH01797: client denied by server
configuration: /path/to/xmlrpc.php
How to deny access to xmlrpc.php (possibly from .htaccess) but prevent it to appear in the Apache logs?