You can put this code in your DOCUMENT_ROOT/.htaccess
file:
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} !WordPress [NC]
RewriteRule ^ /site? [L,R]
Question
So, my site has is constantly getting hit by xmlrpc DDOs attacks. I can't afford cloudflare enterprise or anything like that, so I devised a way to fix it using .htaccess. If I don't have an index file for my root directory, the DDOS attack stops. Right now, I save my entire site in /site; how can I redirect users if their useragent does NOT contain "WordPress", to that folder? I had a way that redirected everyone working, but that just makes my /site get DDOSed instead.
Solution
You can put this code in your DOCUMENT_ROOT/.htaccess
file:
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} !WordPress [NC]
RewriteRule ^ /site? [L,R]