Disable xmlrpc.php

If you don’t know about the xmlrpc.php file. The file xmlrpc.php is a feature of WordPress that enables data to be transmitted through your site with HTTP requests. The transmitted data encoded with XML

To learn more about the xmlrpc.php file then please visit the xmlrpc.php page to read more about the xmlrpc.php file.

In this article, we are going to learn about the steps to turn off the xmlrpc feature from WordPress. We will show you two different methods here. You can select any one from them.


Method 1: Disable Xmlrpc.php by WordPress Plugin

Simply log in to your WordPress dashboard and navigate to Plugins and then Add New.

Search for a plugin called Disable XML-RPC and install it.

disable xml rpc

After installation, activate the plugin, and you are done. This plugin will automatically insert the required code to turn off the XML-RPC feature from your WordPress site.

Keep in mind that many plugins may utilize the parts of the xmlrpc.php file. Disabling it will cause a plugin to conflict or many functions on your site will no longer available.


Method 2: Using .htaccess file

A plugin uses the hardware resources of your server to run. You already know that this is not a very big task for a plugin. You can also disable it manually. Follow the below steps to disable the xmlrpc.php file.

This method will stop all requests of xmlrpc.php

Log in to your cPanel dashboard and go to the file manager section. Navigate to the WordPress installation directory.

You will find here a file named “.htaccess”. (If the .htaccess file is not visible then you have to turn on the ‘show hidden files’ option.


Open the .htaccess file in any text editor and paste the following code into that.

# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
    order deny,allow
    deny from all

Now it’s all done. All requests that are coming to the xmlrpc.php file will be restricted.

Important: If you want to allow some specific IP Addresses to access this file then you can write the below code.

# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
    order deny,allow
    deny from all
    allow from xxx.xxx.xxx.xxx

Here xxx.xxx.xxx.xxx will be replaced by the IP address which you want to whitelist. Only that IP address can access the xmlrpc.php file.

Modification of the .htaccess file is risky. It means a little mistake can cause your site offline or 500 Internal Server Error. Our code is safe to use but please use it carefully. Please avoid to do any mistake while modifying the .htaccess file.

In case of any problem you can comment below, we will reply soon.

Leave a Reply

Your email address will not be published.