Disable xmlrpc.php and Secure your WordPress Website

xmlrpc.php is a part of WordPress that is rarely used by any site but poses a security risk. There has been a high level of attacks targeting this file, so my advice is to secure your WordPress website by disabling this file completely.

You can do so by adding this code to the bottom of your .htaccess file in your WordPress root folder.

# Disable WordPress xmlrpc.php
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>

There are some plugins that also disable the file, but the most secure way is to add the snippet above to your .htaccess file.

You might be tempted to delete the xmlrpc.php file, but when you install the next WordPress update the file will reappear, so stick with the .htaccess approach for a permanent solution.
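
To confirm the rule is actually in effect, the shell check below (an added example, not part of the original post) sends a harmless system.listMethods call to your own site's xmlrpc.php and expects HTTP 403. The function names and the example.com placeholder are assumptions, and it requires curl.

```shell
#!/bin/sh
# Added example: confirm the .htaccess rule blocks xmlrpc.php on your own site.
# Usage: sh check_xmlrpc.sh https://example.com   (example.com is a placeholder)

# Build the xmlrpc.php URL from a site root, tolerating a trailing slash.
xmlrpc_url() {
    printf '%s/xmlrpc.php\n' "${1%/}"
}

# Map the HTTP status returned for xmlrpc.php to a verdict.
xmlrpc_verdict() {
    case "$1" in
        403)     echo "blocked" ;;      # what "deny from all" produces
        200|405) echo "exposed" ;;      # the request reached WordPress itself
        3??)     echo "redirected" ;;   # re-run against the final URL
        000|"")  echo "unreachable" ;;  # curl could not connect
        *)       echo "unexpected" ;;   # e.g. 404 or 5xx: inspect manually
    esac
}

# POST a system.listMethods call and report the verdict.
# Returns success (0) only when the file is blocked.
check_xmlrpc() {
    url=$(xmlrpc_url "$1")
    body='<?xml version="1.0"?><methodCall><methodName>system.listMethods</methodName><params/></methodCall>'
    code=$(curl -s -o /dev/null -w '%{http_code}' --max-time 10 \
        -H 'Content-Type: text/xml' --data "$body" "$url") || true
    verdict=$(xmlrpc_verdict "$code")
    echo "$url -> HTTP ${code:-none}: $verdict"
    [ "$verdict" = "blocked" ]
}

# Run only when a site URL is given on the command line.
if [ "$#" -ge 1 ]; then
    check_xmlrpc "$1"
fi
```

A "redirected" verdict usually means the site forces HTTPS or a www host, so repeat the check with the final URL.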
