Ah, the pitfalls of a popular framework. Everyone uses it therefore it’s easy to get coding help but everyone also abuses it so any and all exploits will be sussed out.
One of these is such a basic feature that I think everyone should turn off: XML-RPC. I won’t go into all the details but suffice it to say that it’s bad. And if you do want to access your WordPress site remotely, say like a headless CMS, then use REST instead of XML. It’s much better for your health, trust me.
Here’s how to disable it:
- Go to your site root’s .htaccess file
- Insert this snippet at the top:
# Block WordPress xmlrpc.php requests <Files xmlrpc.php> order allow,deny deny from all </Files>
You should be good. Double check if it worked by testing it here: https://xmlrpc.eritreo.it/ You should see that comforting red X in the next screen.
Source: WordPress StackExchange
We are sorry that this post was not useful for you!
Let us improve this post!
Tell us how we can improve this post?