XML-RPC is a Remote Procedure Call method that uses XML as a transport over HTTP. WordPress uses an XML-RPC interface out of the box to allow other websites or apps to interact with your site. It is a WordPress API that uses the xmlrpc.php file to send and receive XML data. This file requires valid XML to be sent via post, and leaving it open like that is a security risk because it can be used for SQL injection attacks, Server Side Forgery, and other malicious activities. This article explains how to disable XML-RPC in WordPress using the A2 Optimized Plugin.
To disable XML-RPC in WordPress, follow these steps:
Search for “A2 Optimized” and, you will see a display of available plugins on your screen.Install and activate the A2 Optimized plugin:
On the Dashboard in the left sidebar, click the new option A2 Optimized to view its options:
Scroll down to the XML-RPC option, and click on Enable to block the XML-RPC services:
Before blocking the XML-RPC services, try the WordPress demo services and get a response:
If you receive a Method Now Allowed error, then the XML-RPC services has been properly disabled:>
For more information about the XML-RPC Services for WordPress, please visit: https://codex.wordpress.org/XML-RPC_Support
Subscribe to receive weekly cutting edge tips, strategies, and news you need to grow your web business.
No charge. Unsubscribe anytime.