How to Block XML-RPC Attacks?
How to Disable xmlrpc.php in WordPress?
Content
What is XML-RPC?
XML-RPC is a remote procedure call which uses XML to encode its calls and HTTP as a transport mechanism. In short, it is a system that allows you to post on your WordPress blog using WordPress mobile app. It is also needed if you want to make connections to services like IFTTT.
If you want to access and publish to your blog remotely, then you need XML-RPC enabled.
How to Disable XML-RPC
Plugins:
Wordfence
Settings:
Login Security – Disable XML-RPC authentication
Disable XML-RPC
Settings:
Actvate plugin
WordPress filter
All you have to do is paste the following code in a site-specific plugin:
add_filter('xmlrpc_enabled', '__return_false');
Via .htaccess
Simply paste the following code in your .htaccess file:
<Files xmlrpc.php> order deny,allow deny from all allow from 10.0.10.102 </Files>
WAF – Web Application Firewall
Cloudflare
Settings:
Cloudlfare – Firewall Rules – URI contains xmlrpc.php
If you have found a spelling error, please, notify us by selecting that text and pressing Ctrl+Enter.
Spelling error report
The following text will be sent to our editors: