Originally Posted by Zverka

I suppose it might be something to do with xmlrpc, as this is one thing that will put server on its knees when someone try to break in via api login on xnlrpc.php. I see how it looks like when thousands bots trying to guess credentials it looks like mini DDOS, and most of the bots are hosted on amazon aws, it is hard to blacklist all those IPs.

Google this https://www.google.nl/search?dcr=0&e....0.Kd-LVKt53s0

and my recommendation is to forbid direct access from public on this file xmlrpc.php via htaccess if you are not using api access, and most people don't.