WordPress Help

Disable XML-RPC for WordPress

XML-RPC is a WordPress built-in feature that allows mobile apps and remote connections to publish to WordPress. If you don't want to be able to post remotely to your site, follow the steps below to disable XML-RPC for security reasons.

Warning: You should always back up your site before making any changes.
  1. Connect to your hosting account with FTP or File Manager.
  2. Once connected, go to the root directory for your WordPress site, which is the folder containing your site.
  3. Find and open the .htaccesss file.
    Note: If you use cPanel or FileZilla, make sure to enable the option to show hidden files.
  4. At the bottom of the .htaccess file, after the #END Wordpress line, insert the following code:
    <Files xmlrpc.php>
    Order Allow,Deny
    Deny from all
  5. Save the changes.

You've now disabled access to the XML-RPC function and added an additional layer of security to your WordPress site.

More info

Share this article