SGURYGF2

Thanks for your reply.

I think i misstated by question. I want to change the number of posts PER PAGE so that the pagination is removed. Unfortunately I cannot find such option.

I have tried :

add_action( 'pre_get_posts', function ( $q ) {
    if( !is_admin() && $q->is_main_query() && $q->is_post_type_archive( 'test-type' ) ) {
        $q->set( 'posts_per_page', 100 );
    }});

but doesnt work

i think it would be more appropriate if you contacted the developers of WP-RENTALS directly. They are always very helpful. (at least if you have an active support licence)

From my understanding you have a limited knowledge of this things so i would just recommend that you just renew your hosting and just put your website offline or put an index.html /landing page.

If you were to not renew the hosting, you would need to create a full account backup and download it to your computer and whenever you are ready to resume business restore it.

I too believe that this is something that could have been addressed by WP at some extend.

One way to mitigate this issue is to count how many failed authentication requests are sent and if too many, then ignore the requests. No legitimate connection will initiate that many requests per second. It doesnt have to be on failed authentication requests but on any request.

Of course this will only work on minor DoS attacks not big ones but thats still something.

I think that if WP team wanted to deal with this, they could of.

I also believe that it CAN be considered as a vulnerability because its a vulnerable point that can lead to DoS attacks.

One could argue that this can and must be handled via 3rd party software like fail2ban or a firewall. I agree, but at the application level, im sure there are also things that can be done.

Its better to make make WP 1% slower and more “secure” rather than having xml-rpc attacks slow the website down by 100%.