Last week, a friend of mine asked me a question. Do you know what is XML-RPC? And how to disable XML-RPC in WordPress?
XML-RPC is a remote procedure call (RPC) protocol that uses XML to encode its calls and HTTP as a transport mechanism.
“XML-RPC” also refers generically to the use of XML for remote procedure calls, independently of the specific protocol.
Q2: know what that’s for?
If you want to access and publish your blog remotely, then you need XML-RPC enabled.
But like other things, it has both advantages and disadvantages. It still provides an additional surface for attack if a vulnerability was ever found. So keeping it disabled would make more sense.
How to Disable XML-RPC in WordPress
1. Install the plugin
You can just install the plugin called Disable XML-RPC.
2. Paste the following code into your Theme Functions File
3.Block WordPress xmlrpc.php requests with .htaccess
Simply paste the following code into your .htaccess file:
# BEGIN protect xmlrpc.php <files xmlrpc="" php=""> order allow,deny deny from all </files> # END protect xmlrpc.php
If you don’t use any mobile app or remote connections to publish on your blog, you can disable XML-RPC by default.