How to Disable XML-RPC in WordPress

Posted on 14 February 2023

XML-RPC is a remote procedure call (RPC) protocol used by WordPress to allow external systems to access and interact with its data. However, it also creates a potential security risk for your WordPress site. Therefore, disabling XML-RPC is a recommended security measure for WordPress sites.

Here are four methods you can use to disable XML-RPC in WordPress:

Method 1: Disable XML-RPC using a Plugin

The easiest and quickest way to disable XML-RPC in WordPress is to use a plugin. There are several plugins available that can help you disable XML-RPC with just a few clicks. One of the popular plugins is “Disable XML-RPC Pingback”. Here are the steps to disable XML-RPC using this plugin:

  1. Install and activate the “Disable XML-RPC Pingback” plugin from the WordPress repository.
  2. Go to the plugin’s settings page by clicking on the “Settings” link below the plugin name.
  3. Check the “Disable XML-RPC” option and save the changes.

That’s it! The plugin will disable XML-RPC on your WordPress site.

Method 2: Disable XML-RPC using Code

If you don’t want to use a plugin, you can also disable XML-RPC by adding code to your WordPress site. Here are the steps:

  1. Open your WordPress site’s functions.php file in a code editor.
  2. Add the following code at the end of the file:
// Disable XML-RPC
add_filter('xmlrpc_enabled', '__return_false');
  1. Save the file and upload it to your server using FTP or cPanel.

That’s it! The code will disable XML-RPC on your WordPress site.

Method 3: Disable XML-RPC using .htaccess

If you have access to your WordPress site’s .htaccess file, you can also disable XML-RPC by adding code to it. Here are the steps:

  1. Open your WordPress site’s .htaccess file in a code editor.
  2. Add the following code at the end of the file:
# Disable XML-RPC

    Order Deny,Allow
    Deny from all
  1. Save the file and upload it to your server using FTP or cPanel.

That’s it! The code will disable XML-RPC on your WordPress site.

Method 4: Move your website to us

Another solution is to host with us, we provide bespoke packages and give enhanced security by disabling things like XML-RPC which is a known vulnerability in WordPress.

Conclusion

Disabling XML-RPC in WordPress is a simple and effective way to improve your site’s security. You can choose any of the above methods to disable XML-RPC on your WordPress site. If you don’t use any plugins or external systems that require XML-RPC, it’s better to disable it altogether.

Hope this article helps you in disabling XML-RPC on your WordPress site!

Share this post with your friends, followers and connections!


Subscribe to our mailing list

* indicates required

View previous campaigns.