Disabling XML-RPC

Last Updated -

XML-RPC can be useful for external services to access your WordPress site, but can also cause additional resource usage and security issues from being active.

As a general rule, we recommend disabling any services you're not using, and depending on your particular use-case, XML-RPC might be one of them. Of course, keep in mind that some services such as Jetpack rely on XML-RPC and 

In this article, we'll show you how to disable XML-RPC to gain additional performance and security on your site.

Disabling XML-RPC on the Server Level

The best way to block incoming XML-RPC requests is by blocking it on the server side of things. This way, anyone attempting to access XML-RPC will be immediately blocked before anything else is handled, such as PHP processes.

If you're using some services that use XML-RPC, such as Jetpack, XML-RPC requests can also be filtered to only allow requests from a particular service.

To block XML-RPC on the server side, contact support for more information.

Disabling XML-RPC via a WordPress Plugin

While not quite as effective as blocking on a server level, XML-RPC can also be blocked using a WordPress plugin. To do so, install the Disable XML-RPC plugin from the WordPress plugin repository.

Inside this plugin, there aren't any settings to define. Just activate the plugin and all XML-RPC requests will be disabled.

Related Topics

Pagely is the Managed WordPress Hosting Platform designed to exceed the needs of media, business, and Enterprise customers alike. We help the world's biggest brands scale WordPress.

Copyright © 2006-2017 Pagely, Inc. All rights reserved.
Pagely® and WordPress® are registered trademarks.

Powered by Zendesk