How to Disable XML-RPC in WordPress
Posted on 14 February 2023
Are you looking for web hosting?
Start today from just £2.99/month
Our super-fast web hosting comes with the Direct Admin control panel, super-fast SSD drives, NGINX-Apache config for top performance, brotli compression, 99.9% uptime, daily backups and 1Gbps connectivity
Sign Up
XML-RPC is a remote procedure call (RPC) protocol used by WordPress to allow external systems to access and interact with its data. However, it also creates a potential security risk for your WordPress site. Therefore, disabling XML-RPC is a recommended security measure for WordPress sites.
Here are four methods you can use to disable XML-RPC in WordPress:
Method 1: Disable XML-RPC using a Plugin
The easiest and quickest way to disable XML-RPC in WordPress is to use a plugin. There are several plugins available that can help you disable XML-RPC with just a few clicks. One of the popular plugins is “Disable XML-RPC Pingback”. Here are the steps to disable XML-RPC using this plugin:
- Install and activate the “Disable XML-RPC Pingback” plugin from the WordPress repository.
- Go to the plugin’s settings page by clicking on the “Settings” link below the plugin name.
- Check the “Disable XML-RPC” option and save the changes.
That’s it! The plugin will disable XML-RPC on your WordPress site.
Method 2: Disable XML-RPC using Code
If you don’t want to use a plugin, you can also disable XML-RPC by adding code to your WordPress site. Here are the steps:
Are you looking for web hosting?
Start today from just £2.99/month
Our super-fast web hosting comes with the Direct Admin control panel, super-fast SSD drives, NGINX-Apache config for top performance, brotli compression, 99.9% uptime, daily backups and 1Gbps connectivity
Sign Up
- Open your WordPress site’s functions.php file in a code editor.
- Add the following code at the end of the file:
// Disable XML-RPC
add_filter('xmlrpc_enabled', '__return_false');- Save the file and upload it to your server using FTP or cPanel.
That’s it! The code will disable XML-RPC on your WordPress site.
Method 3: Disable XML-RPC using .htaccess
If you have access to your WordPress site’s .htaccess file, you can also disable XML-RPC by adding code to it. Here are the steps:
- Open your WordPress site’s .htaccess file in a code editor.
- Add the following code at the end of the file:
# Disable XML-RPC
Order Deny,Allow
Deny from all
- Save the file and upload it to your server using FTP or cPanel.
That’s it! The code will disable XML-RPC on your WordPress site.
Method 4: Move your website to us
Another solution is to host with us, we provide bespoke packages and give enhanced security by disabling things like XML-RPC which is a known vulnerability in WordPress.
Conclusion
Disabling XML-RPC in WordPress is a simple and effective way to improve your site’s security. You can choose any of the above methods to disable XML-RPC on your WordPress site. If you don’t use any plugins or external systems that require XML-RPC, it’s better to disable it altogether.
Hope this article helps you in disabling XML-RPC on your WordPress site!