Should I disable XML-RPC on WordPress?

Steve32

Active member
Joined
Mar 15, 2014
Messages
210
Points
28
Should I deactivate XML-RPC on WordPress? I heard that XML-RPC is opening for brute force attacks, if yes, how to disable it in WordPress?
 

professorrosado

New member
Joined
Aug 30, 2015
Messages
236
Points
0
WordPress v3.5 introduces the filter xmlrpc_enabled:

add_filter('xmlrpc_enabled', '__return_false');

You can add this code to your wp_config.php after the line require_once(ABSPATH . 'wp-settings.php'); if you want to disable XML-RPC for your site.
from [URLnf="http://wpengineer.com/2484/xml-rpc-enabled-by-default-in-wordpress-3-5/"]here[/URLnf]

Also, there are a few plugins in the plugin repository that do this for you or block access to it. Try that option.
 

michaelswengel

New member
Joined
Dec 10, 2015
Messages
40
Points
0
I have it disabled on my sites, but it depends on your needs.

If you're concerned about security (as you should be) check out iThemes Security or a similar plugin and get your site locked down from attack. It's protected mine from attack a few times.
 

LowEndXeon

New member
Joined
Dec 14, 2015
Messages
36
Points
0
I would, due to the very easy to access attack methods for the people who'd like to pay to get a site downed for about 600 seconds. Becomes a huge issue if they continue. I'd do it based on your needs on WordPress.
 
Older threads
Replies
2
Views
10,728
Replies
11
Views
5,637
Replies
21
Views
7,975
Newer threads
Replies
9
Views
4,174
Replies
7
Views
3,390
Replies
10
Views
3,547
Replies
8
Views
2,970
Latest threads
Replies
0
Views
28
Replies
0
Views
29
Replies
1
Views
39
Replies
3
Views
94
Top