Think of XML-RPC like a special doorbell for your WordPress site. It lets other apps and tools ring that doorbell to connect with your site. But in the past, some hackers used XML-RPC to sneak into WordPress sites.
So, in this guide, we’ll walk you through how to turn off this doorbell feature (XML-RPC) in WordPress to keep your site safer.
Disable XML-RPC with .htaccess file
Luckily, Apache lets you disable XML-RPC for your WordPress installation with a few simple directives.
Just open your website’s root folder via FTP or the cPanel file manager and find the .htaccess file. (Note: if you cannot see it in the cPanel file manager, the file is hidden. Go to the file manager settings and make sure that the “show hidden files” option is checked.) Next, edit the .htaccess file and add this code at the top:
# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
allow from 184.108.40.206
</Files>
Note the “allow from” line. You can add any IP address that you want to allow XML-RPC access from. If you want to block it altogether, just remove this line.
Disable WordPress XML-RPC With a Plugin
Simply install and activate the “Disable XML-RPC-API” plugin on your WordPress site. Once it’s set up, it stops the unwanted doorbell feature (XML-RPC) right away.
If you ever want to adjust its settings, like giving access to specific trusted users, just head to the plugin’s options. From there, you can set it to recognize and allow certain visitors by listing their special addresses.
Testing if XML-RPC is disabled on your WordPress website
To make sure the unwanted doorbell (XML-RPC) is turned off on your WordPress site, you can do a quick check.
Just type in your website address followed by “/xmlrpc.php” in your browser, like this: “http://yourwebsite.com/xmlrpc.php”. Replace yourwebsite.com with your site’s address.
If you did things right, you’ll see a message saying something like, “Forbidden: You don’t have permission to access this resource.” This means it’s turned off and working as it should.
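The browser check only sends a GET request, while XML-RPC clients use POST, so it is worth scripting the same test with a POST. The following is an added example, not part of the original guide: the function names, the verdict labels and the sample responses are assumptions constructed for illustration.

```python
import sys
import urllib.error
import urllib.request
import xmlrpc.client

# Constructed sample responses (status, body) so the script also runs offline.
SAMPLES = [
    (403, "Forbidden: You don't have permission to access this resource."),
    (405, "XML-RPC server accepts POST requests only."),
    (200, "<?xml version='1.0'?><methodResponse><params/></methodResponse>"),
]

def build_call() -> bytes:
    """Introspection call used only to see whether the endpoint answers."""
    return xmlrpc.client.dumps((), methodname="system.listMethods").encode()

def classify(status: int, body: str) -> str:
    """Turn an HTTP status/body from /xmlrpc.php into a verdict (labels are ours)."""
    if status in (401, 403):
        return "blocked"      # an access rule refused the request
    if status == 404:
        return "absent"       # the file is not served at all
    if "<methodResponse>" in body or "accepts POST requests only" in body:
        return "enabled"      # the XML-RPC server itself produced the reply
    return "unknown"          # e.g. a redirect or error page; inspect by hand

def probe(site_url: str, timeout: float = 10.0) -> str:
    """POST to <site_url>/xmlrpc.php on a site you administer and classify the reply."""
    url = site_url.rstrip("/") + "/xmlrpc.php"
    req = urllib.request.Request(url, data=build_call(),
                                 headers={"Content-Type": "text/xml"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            status, raw = resp.status, resp.read(65536)
    except urllib.error.HTTPError as err:
        # urllib raises on 4xx/5xx; the status and body are still what we want.
        status, raw = err.code, err.read(65536)
    return classify(status, raw.decode("utf-8", "replace"))

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(sys.argv[1], "->", probe(sys.argv[1]))
    else:
        for status, body in SAMPLES:
            print(status, "->", classify(status, body))
```

Run it with your site address as the only argument, from a machine whose IP is not on the “allow from” list; “blocked” is the result you want.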
If you have questions, please feel free to post them in the comments section below.
Last modified: January 8, 2024