How to disable XML-RPC via WordPress?

Question 1

I checked the server log of my WordPress website and found 100s of requests for "xmlrpc.php". It seems like brute-force attacks or DDoS attempts on the site. How can I disable the access to this file in WordPress?

Question 2

You can disable XML-RPC by adding the following line of code to "functions.php" file of WordPress.

add_filter( 'xmlrpc_enabled', '__return_false' );

However, this does not prevent direct access to xmlrpc.php. You can make changes in the configuration files for your website on your server to prevent direct access to xmlrpc.php. If you have Nginx server, you can add the following lines of code to the Nginx configuration file of your website to prevent access to XML-RPC.

# nginx rule to deny xmlprc.php
location = /xmlrpc.php {
deny all;
}

pythonuser · Answer 1 · 2025-03-10T22:02:40+0000

You can disable XML-RPC by adding the following line of code to "functions.php" file of WordPress.

add_filter( 'xmlrpc_enabled', '__return_false' );

However, this does not prevent direct access to xmlrpc.php. You can make changes in the configuration files for your website on your server to prevent direct access to xmlrpc.php. If you have Nginx server, you can add the following lines of code to the Nginx configuration file of your website to prevent access to XML-RPC.

# nginx rule to deny xmlprc.php
location = /xmlrpc.php {
deny all;
}

How to disable XML-RPC via WordPress?

Please log in or register to add a comment.

Please log in or register to answer this question.

1 Answer

Please log in or register to add a comment.

Related questions

Categories