Since WordPress 3.5 xmlrpc is enabled by default without the possibility to disable it from the admin dashboard.

Recently there was a post published in Sucuri’s Blog about Brute Force Amplification Attacks Against WordPress XMLRPC, recommending to turn off the XMLRPC in our WordPress installations.

You are able to turn off the XMLRPC via a filter hook

add_filter('xmlrpc_enabled', '__return_false');

But I would say the best way to do this is blocking the requests from the .htaccess file before the actual requests get to WordPress.
In order to let plugins that use xmlrpc ( if you have any installed ) continue to do so you may deny all access except the IP you need it to access.

# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
allow from ( hosting IP )
How to disable XMLRPC in WordPress

3 thoughts on “How to disable XMLRPC in WordPress

  • December 21, 2017 at 12:45

    I have checked your website and i’ve found some duplicate content, that’s why you don’t rank high in google,
    but there is a tool that can help you to create 100% unique articles, search for; Boorfe’s tips unlimited content

  • January 14, 2018 at 21:24

    I see you don’t monetize your site, don’t waste your traffic, you can earn extra bucks every month because
    you’ve got hi quality content. If you want to know how to make extra money, search for: Mertiso’s tips best adsense alternative


Leave a Reply

Your email address will not be published. Required fields are marked *