How to Disable XML-RPC in WordPress

How to Disable XML-RPC in WordPress
Veronique Schweitzer

XML-RPC is an API that wraps the essential information inside a simple XML file and sends it to the mobile app or remote software. The mobile application then inflates this information with its own preconfigured design. The mobile app in this case no longer needs to download substantial webpage files, and you can still access your data in a nifty app.

How to Enable and Disable XMLRPC.PHP in WordPress and Why
Inez Ross

Chris, you asked “What kind of tools have you disabled in WordPress?” I have two tiny plugins that I use for temporarily disabling WP features. One hides the edit post links so that I can view a page without the clutter and without logging out. The other disables the edit post lock, so that I can do a training session with a remote client and we can both view the edit screen. I just put them into GitHub in case they’re useful for anyone else: and

How to Disable XML-RPC in WordPress
Alyssa Osborne

XML-RPC was added in WordPress 3.5 and allows for remote connections, and unless you are using your mobile device to post to WordPress it does more bad than good. In fact, it can open your site up to a bunch of security risks. There are a few plugins that utilize this such as JetPack, but we don’t recommend using JetPack for performance reasons.

Disable XML-RPC in WordPress – Complete Guide
Mikaela Werner

While monitoring hits to this blog, I recognize that the file which received most hits is xmlrpc.php. I was surprise because I don’t use XML-RPC for remote access, posting at all. I guess the problem may comes from bots, spammers or even hackers. So I decided to disable XML-RPC completely and here is how I did that.

Be the first to comment

Leave a Reply

Your email address will not be published.