I've written before about using a special XMLRPC access rule to stop Wordpress DDoS attacks.
Quick summary: My server was being bombarded with hundreds of thousands of requests from foreign hosts (mostly Chinese). It took about a week before finding a fix - during which time my servers were slow, prone to crashing, and generally unusable. I found a helpful tip here. I simply added the following code to the bottom of my .htaccess file.