XML-RPC is a Remote Procedure Call method that uses XML over HTTP. WordPress is configured to use an XML-RPC interface out of the box that enables other websites or apps to interact with your site. XML-RPC requires valid XML to be sent via HTTP posts, but leaving it enabled is a security risk because it can be used for SQL injection attacks, Server Side Forgery, and other malicious activities. This article shows how to disable XML-RPC in WordPress using the A2 Optimized Plugin.
To disable XML-RPC using the A2 Optimized plugin, follow these steps:
Click the Optimization tab:
In the left sidebar, click Security:
In the SECURITY section, at the bottom click More Optimizations:
In the Block Unauthorized XML-RPC Requests row, click the slider to enable or disable blocking:
For more information about the XML-RPC service for WordPress, please visit https://codex.wordpress.org/XML-RPC_Support.
Subscribe to receive weekly cutting edge tips, strategies, and news you need to grow your web business.
No charge. Unsubscribe anytime.