Full Stack Web Developer


Disable XML-RPC to Prevent Brute Force Attack!

XML-RPC helps you post to your WordPress blog via various weblog clients and so do unwanted guess

Ads: Register now via this link to receive $100 credit from Vultr

XML-RPC is a remote procedure call (RPC) protocol which uses XML to encode its calls and HTTP as a transport mechanism. XML-RPC also refers generically to the use of XML for remote procedure call, independently of the specific protocol.

With WordPress XML-RPC support, you can post to your WordPress blog using many popular Weblog Clients.

This is useful if you want to post the content via other platforms other than logging into the WordPress admin. Unfortunately, attackers can also use those weblog clients to brute force attack your WordPress site.

Thus if you don’t need to have other weblog clients to access to your WordPress posts, simply disable XML-RPC feature.

To do it, simply paste the following code right into your .htaccess file:


<Files xml-rpc.php>
    Order Deny,Allow
    Deny from all


Learn more

Leave a Reply

Your email address will not be published. Required fields are marked *