
How To Disable XML-RPC in WordPress


The XML-RPC function in WordPress is usually used to make remote posts to WordPress installations from mobile devices. It is also used by a number of 3rd party plugins to deliver new content to your WordPress site.

Unfortunately, the XML-RPC function is now being widely exploited by the bad guys to launch DDoS and brute-force attacks on a very regular basis. This is not only bad for the Internet as a whole, it also causes high resource usage on your hosting account.

As such, we recommend that all users disable the XML-RPC functionality in WordPress unless they are actually using the function.

To disable XML-RPC there are a couple of options. You can either disable access to the xmlrpc.php file in your .htaccess file or you can use a 3rd party plugin.

We personally recommend the .htaccess method rather than using a plugin, but both methods to disable xmlrpc.php can be found below.

Option 1 - Disable xmlrpc.php in .htaccess

This is very simple. All you need to do is edit the .htaccess file associated with the WordPress site (it will be located in the home directory of the site) and add the following code to the file:

<Files xmlrpc.php>
Order allow,deny
Deny from all
</Files>
ErrorDocument 403 "XML-RPC Disabled."
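
One way to check from the access log that the rule is taking effect, as an added example that is not part of the original article. It assumes Apache's combined log format; the log lines, IP addresses and function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Assumes Apache "combined" log format: host ident user [time] "request" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def summarize_xmlrpc(lines):
    """Count xmlrpc.php requests per client IP, split into blocked (403) and served."""
    summary = defaultdict(Counter)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable log entry
        path = m.group("path").split("?", 1)[0]  # drop any query string
        # <Files xmlrpc.php> matches the file in any directory, so match on the basename
        if not path.endswith("/xmlrpc.php"):
            continue
        bucket = "blocked" if m.group("status") == "403" else "served"
        summary[m.group("ip")][bucket] += 1
    return {ip: dict(counts) for ip, counts in summary.items()}

def unblocked_sources(summary):
    """Client IPs that received a non-403 answer from xmlrpc.php."""
    return sorted(ip for ip, counts in summary.items() if counts.get("served"))

# Constructed sample entries (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:10:05:00 +0000] "POST /xmlrpc.php HTTP/1.1" 403 17 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Mar/2024:10:05:03 +0000] "POST /blog/xmlrpc.php?rsd HTTP/1.1" 403 17 "-" "-"
192.0.2.44 - - [10/Mar/2024:10:06:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
this line is not a log entry
""".splitlines()

if __name__ == "__main__":
    result = summarize_xmlrpc(SAMPLE_LOG)
    for ip, counts in sorted(result.items()):
        print(ip, counts)
    print("still served:", unblocked_sources(result))
```

Run it over entries written after the .htaccess change; any address reported as still served is getting a non-403 response from xmlrpc.php, and the per-IP totals show which clients are generating the load.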

Option 2 - Use a Plugin to disable XML-RPC

There are a number of plugins out there that claim to disable XML-RPC functionality on WordPress sites, but a lot of them are ineffective. Based on user feedback, the following plugin seems to be doing a good job at blocking the requests at the time of writing, so if you don't want to use the recommended .htaccess method above, you can give the following plugin a try:

Disable XML-RPC Wordpress Plugin


As mentioned previously, a number of 3rd party plugins do use this function, so blocking it would break those plugins. Some of the most well known plugins that require XML-RPC can be found below:

  • WordPress Mobile App
  • JetPack (just some parts of it)
  • LibSyn (for podcasts)
  • BuddyPress
  • Windows Live Writer

But for the vast majority of WordPress sites that we see, the XML-RPC function isn't used and simply serves as a way for the bad guys to exploit your site, hence we recommend disabling it.

