Vannkorn

Full Stack Web Developer


Disable XML-RPC to Prevent Brute Force Attack!

XML-RPC helps you post to your WordPress blog via various weblog clients, and it helps unwanted guests too


XML-RPC is a remote procedure call (RPC) protocol which uses XML to encode its calls and HTTP as a transport mechanism. XML-RPC also refers generically to the use of XML for remote procedure call, independently of the specific protocol.

With WordPress XML-RPC support, you can post to your WordPress blog using many popular Weblog Clients.

This is useful if you want to post content from other platforms instead of logging into the WordPress admin. Unfortunately, attackers can also use those weblog clients to launch brute-force attacks against your WordPress site.

Thus, if you don’t need other weblog clients to access your WordPress posts, simply disable the XML-RPC feature.

To do it, simply paste the following code right into your .htaccess file:

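# BEGIN Disable XML-RPC.PHP

# WordPress serves XML-RPC from xmlrpc.php (no hyphen in the file name)
<Files xmlrpc.php>
    # Apache 2.2 syntax; on Apache 2.4 without mod_access_compat use: Require all denied
    Order Deny,Allow
    Deny from all
</Files>

# END Disable XML-RPC.PHP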
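
To see whether XML-RPC is being hammered before the rule goes in, and that requests are refused afterwards, this added example (not part of the original post) tallies POSTs to WordPress's `xmlrpc.php` per client from an Apache combined-format access log. The log lines, function names and threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Apache "combined" format: ip ident user [time] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample log (documentation-range IPs), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 674 "-" "-"
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 674 "-" "-"
203.0.113.7 - - [10/Mar/2024:10:00:03 +0000] "POST //xmlrpc.php HTTP/1.1" 200 674 "-" "-"
198.51.100.9 - - [10/Mar/2024:10:05:00 +0000] "GET /xmlrpc.php HTTP/1.1" 405 42 "-" "-"
198.51.100.9 - - [10/Mar/2024:10:05:09 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "-"
203.0.113.7 - - [10/Mar/2024:11:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "-"
192.0.2.44 - - [10/Mar/2024:11:02:30 +0000] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "-"
"""

def xmlrpc_summary(lines, threshold=3):
    """Per-IP counts of POSTs to xmlrpc.php, for IPs with >= threshold requests.

    'denied' counts 403 responses (what the .htaccess rule produces);
    'allowed' counts every other status, i.e. the request reached WordPress.
    """
    stats = defaultdict(lambda: {"total": 0, "allowed": 0, "denied": 0})
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Drop the query string and collapse duplicate slashes before matching.
        path = re.sub(r"/+", "/", m["path"].split("?", 1)[0])
        if not path.endswith("/xmlrpc.php"):
            continue
        entry = stats[m["ip"]]
        entry["total"] += 1
        entry["denied" if m["status"] == "403" else "allowed"] += 1
    return {ip: s for ip, s in stats.items() if s["total"] >= threshold}

def rule_effective(summary):
    """True when no summarized request got past the deny rule."""
    return all(s["allowed"] == 0 for s in summary.values())

if __name__ == "__main__":
    for ip, s in xmlrpc_summary(SAMPLE_LOG.splitlines()).items():
        print(ip, s)
```

Run it over log lines written after the rule was deployed with `threshold=1`; `rule_effective` should then return `True`.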
