Disable XML-RPC for WordPress
XML-RPC is a WordPress built-in feature that allows mobile apps and remote connections to publish to WordPress. If you don't want to be able to post remotely to your site, follow the steps below to disable XML-RPC for security reasons.
Warning: You should always back up your site before making any changes.
- Connect to your hosting account with FTP or File Manager.
- Once connected, go to the root directory for your WordPress site, which is the folder containing your site.
- Find and open the .htaccesss file.
- At the bottom of the .htaccess file, after the
#END Wordpressline, insert the following code:
<Files xmlrpc.php> Order Allow,Deny Deny from all </Files>
- Save the changes.
You've now disabled access to the XML-RPC function and added an additional layer of security to your WordPress site.