How to Disable XMLRPC.PHP FOR WORDPRESS?

XML-RPC for WordPress was designed to enable remote connections between your site and external applications.

WHY SHOULD I DISABLE XML-RPC?

There are security risks associated with leaving XML-RPC enabled. 
These can include: Brute Force Attacks and DDoS Attack

There are two ways.

1. Custom code in function.php

add_filter('xmlrpc_enabled', '__return_false');
add_filter('wp_headers', 'removeXPingback');
add_filter('pings_open', '__return_false', 9999);
function removeXPingback($headers) {
	unset($headers['X-Pingback'], $headers['x-pingback']);
	return $headers;
}

2. .htaccess

# Block WordPress xmlrpc.php requests

order deny,allow
deny from all
allow from xxx.xxx.xxx.xxx

You can replace xxx.xxx.xxx.xxx with an IP address you wish to give access to xmlrpc.php. If you wish to remove access completely, you can simply remove this line.

Limited Access Offer! Enjoy 40% Off This Halloween with Code: SPOOKY40!

Essential

Essential

Essential

Forms

WooCommerce

Embed

Custom Field Fetch

WooCommerceNew

Display Condition

Woo Display ConditionNew

There are two ways.

1. Custom code in function.php

2. .htaccess

3. Using EC Addons

Ready to Get Started?

Choose your Yearly Plan

Spooktacular Savings! Get 40% Off This Halloween! SPOOKY40 Coupon Code!

Code will be automatically applied at checkout for instant savings.

Single Site

10 Site License

Unlimited Site License

Although we don’t think you’ll ever want one, we’ll gladly provide a refund if it’s requested within 14 days of purchase.

50% OFF for NGOs & Non-Profits

Regular Plugin Updates

Upgrade or Cancel Anytime

14 Days Money Back Warranty, No Question Asked.

Taxes are not included in the above prices.

A Professional team at your door to help you with all your querys.

Get your questions, answered directly from the developers

Useful Links