XML-RPC is a Remote Procedure Call method that uses XML as a transport over HTTP. WordPress uses an XML-RPC interface out of the box to allow other websites or apps to interact with your site. It is a WordPress API that uses the xmlrpc.php file to send and receive XML data. This file requires valid XML to be sent via post, and leaving it open like that is a security risk because it can be used for SQL injection attacks, Server Side Forgery, and other malicious activities. This article explains how to disable XML-RPC in WordPress using the A2 Optimized Plugin.
To disable XML-RPC in WordPress, follow these steps:
Search for “A2 Optimized” and, you will see a display of available plugins on your screen.Install and activate the A2 Optimized plugin:
On the Dashboard in the left sidebar, click the new option A2 Optimized to view its options:
Scroll down to the XML-RPC option, and click on Enable to block the XML-RPC services:
Before blocking the XML-RPC services, try the WordPress demo services and get a response:
If you receive a Method Now Allowed error, then the XML-RPC services has been properly disabled:>
For more information about the XML-RPC Services for WordPress, please visit: https://codex.wordpress.org/XML-RPC_Support
Subscribe to receive weekly cutting edge tips, strategies, and news you need to grow your web business.
No charge. Unsubscribe anytime.
Did you find this article helpful? Then you'll love our support. Experience the A2 Hosting difference today and get a pre-secured, pre-optimized website. Check out our web hosting plans today.