WordPress Security – Disable XML-RPC

Wordpress Security

XML-RPC is an age old wordpress feature which helps people with offline publishing and remote access to their wordpress site. It has become somewhat irrelevant now-a-days and on top of that some people use this for attacking your website in the bruteforce method. So, if you're concerned about the security of your website or wordpress security in general, here's how you can disable XML RPC in your wordpress website easily:

Method 1

If you have a child theme enabled on your site simply add the following code in the functions.php file.

add_filter('xmlrpc_enabled', '__return_false');

That's it! You now have xml-rpc disabled and your site is more secured.

Method 2

If you don't know how to use child themes or you don't have one activated in your site you can still disable xml-rpc by simply prohibiting access to the file that handles all the related operations ( the xmlrpc.php file which resides in the root of your wordpress installation ) from htaccess  . The htaccess file controls access rules for your site and you'll find it in the root of your wordpress installation. This might be hidden by default. Here's a quick guide on how to edit your htaccess file from Hostgator. Add the following code to the bottom or the top of your htaccess file.

<Files xmlrpc.php>
order deny,allow
deny from all
</Files>

Make sure it either resides at the very top or bottom of the file so that there's no conflict or the code doesn't get wiped out when some other codes get changed in file automatically ( A good example of this would be the pretty permalink settings in wordpress )

That's it! Now your site is more secured than before you are safer from all those nasty, heart breaking brute force attacks!

We'll come back shortly with some more useful tricks and tips on wordpress and other web technologies. Read more articles at our TIPS section. Enjoy!

Leave a Reply

Your email address will not be published. Required fields are marked *