Disable XML-RPC in WordPress

Ah, the pitfalls of a popular framework. Everyone uses it therefore it’s easy to get coding help but everyone also abuses it so any and all exploits will be sussed out.

One of these is such a basic feature that I think everyone should turn off: XML-RPC. I won’t go into all the details but suffice it to say that it’s bad. And if you do want to access your WordPress site remotely, say like a headless CMS, then use REST instead of XML. It’s much better for your health, trust me.

Here’s how to disable it:

  1. Go to your site root’s .htaccess file
  2. Insert this snippet at the top:

# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order allow,deny
deny from all

You should be good. Double check if it worked by testing it here: https://xmlrpc.eritreo.it/ You should see that comforting red X in the next screen.

Source: WordPress StackExchange

How useful was this post?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this post.

As you found this post useful...

Follow us on social media!

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?

Glenn Santos

Published by Glenn Santos

Leave a Reply