I’m getting several email an hour from DirectAdmin saying that my system load is too high. This is causing extremely slow loading speeds and sometimes my website doesn’t load at all. I asked my host about this, and he informed that wp-login.php and xmlrpc.php are visited a lot.
I’ve enabled OWASP Slr Et WordPress Attacks in the Firewall settings, use a plugin to change the login URL wp-login.php preventing access to wp-login.php page and wp-admin directory while not logged-in, and blocked access to xmlrpc.php in my .htaccess file. All without result.
Can I set specific Firewall Rules or Page Rules to block all these requests to these URLs from countries that normally don’t even visit my local Dutch site?