Disabling XML-RPC

Collapse

Unconfigured Ad Widget

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Rachel S
    Senior Member
    • Apr 2022
    • 178
    #1

    Disabling XML-RPC

    VPS Hosting
    Is disabling XML-RPC still important?
    Tags: None
  • wisly.k
    Senior Member
    • May 2022
    • 189
    #2
    I still disable XML-RPC on most of my sites. It’s one of the most targeted endpoints for brute-force attacks, especially on smaller WordPress sites that don’t need remote publishing or mobile app access.

    Comment

    • Annie_P
      Senior Member
      • Aug 2022
      • 198
      #3
      Agree. If you’re not using the WordPress mobile app or Jetpack, there’s really no benefit to keeping it enabled. Blocking xmlrpc.php reduces attack noise significantly.

      Comment

      • Paul Schmidt
        Member
        • Jun 2025
        • 33
        #4
        I wouldn’t say “disable it everywhere.” Some features still depend on XML-RPC. For example, Jetpack, WordPress.com integrations, and some third-party publishing tools break if it’s fully disabled.

        Comment

        Previous template Next
        Working...
        X