How to Disable XML-RPC in Wordpress?

Short tutorial on How to Disable XML-RPC in Wordpress.

Disable XML-RPC

The XML-RPC function was originally designed to be used an intranet notification system for WordPress users. The primary purpose of the XML-RPC is to remote post the contents to WordPress from Mobile. Some plugins and third-party applications use XML-RPC to deliver content from their servers to your site. But, few use it to spam and hack the website. Hackers are using the XML-RPC function in WordPress for DDoS botnet attacks as well as Brute Force attacks.
In this short tutorial we will discuss on how to disable XML-RPC in wordpress. Follow the steps given below to disable XML-RPC section in a wordpress for performance and security optimization.
Step 1: Go to Filemanager → Public_html → wp-config.php file and add the below code and click on Save.
Wp Config Edit
add_filter(xmlrpc_enabled, __return_false);
Step 2: Edit .htaccess file and add the below code and click on Save.
Htaccess Edit
# START XML RPC BLOCKING
<Files xmlrpc.php>
Order Deny,Allow
Deny from all
</Files>
# FINISH XML RPC BLOCKING

Step 3: Go to Dashboard → Settings → Discussion
Settings Discussion
Step 4: Turn off trackbacks and pingback. As we have already installed a plugin for disabling comments click on the plugin configure settings.
Discussion Settings
Turnoff Comments Trackbacks
Step 5: You have successfully disabled XML-RPC from your WordPress website.


Related Topics