How to disable XML-RPC with the A2 Optimized Plugin in WordPress

XML-RPC is a Remote Procedure Call method that uses XML as a transport over HTTP. WordPress uses an XML-RPC interface out of the box to allow other websites or apps to interact with your site. It is a WordPress API that uses the xmlrpc.php file to send and receive XML data. This file requires valid XML to be sent via post, and leaving it open like that is a security risk because it can be used for SQL injection attacks, Server Side Forgery, and other malicious activities. This article explains how to disable XML-RPC in WordPress using the A2 Optimized Plugin.

Disable XML-RPC with A2 Optimize

To disable XML-RPC in WordPress, follow these steps:

  1. Log in to your WordPress site with an administrator account.
  2. On the Dashboard in the left sidebar, click Plugins, and then click Add New:

  3. Search for “A2 Optimized” and, you will see a display of available plugins on your screen.Install and activate the A2 Optimized plugin:

  4. On the Dashboard in the left sidebar, click the new option A2 Optimized to view its options:

  5. Scroll down to the XML-RPC option, and click on Enable to block the XML-RPC services:

  6. Before blocking the XML-RPC services, try the WordPress demo services and get a response:

  7. If you receive a Method Now Allowed error, then the XML-RPC services has been properly disabled:>

More Information

For more information about the XML-RPC Services for WordPress, please visit: https://codex.wordpress.org/XML-RPC_Support

Get Managed WordPress Hosting

Article Details

Other Articles in This Category

Show More

Did you find this article helpful? Then you'll love our support. Experience the A2 Hosting difference today and get a pre-secured, pre-optimized website. Check out our web hosting plans today.

We use cookies to personalize the website for you and to analyze the use of our website. You consent to this by clicking on "I consent" or by continuing your use of this website. Further information about cookies can be found in our Privacy Policy.