How to Disable XML-RPC in WordPress
XML-RPC is a remote procedure call which uses XML to to encode its calls and HTTP as a transport mechanism. XML-RPC can be called as a system which enable user to publish post from remote weblog client.
Though this function was added for user benefit, hacker or attacker try to send thousands of call to your server and try to make your website down. So if you are facing thousands of http request call, it would be beneficial to disable XML-RPC in WordPress.
We are going to mention Two ways with which you can disable your XML-RPC in WordPress
- Add the below code to your wp-config.php file.
add_filter('xmlrpc_enabled', '__return_false'); - Add the below code .htaccess file.
# Block WordPress xmlrpc.php requests order deny,allow deny from all allow from 123.123.123.123
Using .htaccess you can allow your IP or particular IP and block rest of all.
Since, very few people use this system, it is better to turn it off.
