How to disable XML-RPC with the A2 Optimized Plugin in WordPress

XML-RPC is a Remote Procedure Call method that uses XML over HTTP. WordPress is configured to use an XML-RPC interface out of the box that enables other websites or apps to interact with your site. XML-RPC requires valid XML to be sent via HTTP posts, but leaving it enabled is a security risk because it can be used for SQL injection attacks, Server Side Forgery, and other malicious activities. This article shows how to disable XML-RPC in WordPress using the A2 Optimized Plugin.

The procedure below assumes that you have already installed the A2 Optimized plugin on your WordPress site. If you have not already done this, please see this article for information about how to do so.

Disabling XML-RPC with the A2 Optimized plugin

To disable XML-RPC using the A2 Optimized plugin, follow these steps:

  1. Log in to your WordPress site as the administrator.
  2. Under Dashboard, click A2 Optimized:

    A2 Optimized WP - Dashboard menu

  3. Click the Optimization tab:

    A2 Optimized WP - Optimization tab

  4. In the left sidebar, click Security:

    A2 Optimized WP - Sidebar - Security

  5. In the SECURITY section, at the bottom click More Optimizations:

    A2 Optimized WP - Security - More Optimizations

  6. In the Block Unauthorized XML-RPC Requests row, click the slider to enable or disable blocking:

    A2 Optimized WP - Security - XML-RPC slider

More Information

For more information about the XML-RPC service for WordPress, please visit

Get Managed WordPress Hosting

Article Details

Other Articles in This Category

Show More

Did you find this article helpful? Then you'll love our support. Experience the A2 Hosting difference today and get a pre-secured, pre-optimized website. Check out our web hosting plans today.

We use cookies to personalize the website for you and to analyze the use of our website. You consent to this by clicking on "I consent" or by continuing your use of this website. Further information about cookies can be found in our Privacy Policy.