Disable XML-RPC to Prevent Brute Force Attack!

Disable XML-RPC to Prevent Brute Force Attack!

XML-RPC is a remote procedure call (RPC) protocol which uses XML to encode its calls and HTTP as a transport mechanism. XML-RPC also refers generically to the use of XML for remote procedure call, independently of the specific protocol.

With WordPress XML-RPC support, you can post to your WordPress blog using many popular Weblog Clients.

This is useful if you want to post the content via other platforms other than logging into the WordPress admin. Unfortunately, attackers can also use those weblog clients to brute force attack your WordPress site.

Thus if you don’t need to have other weblog clients to access to your WordPress posts, simply disable XML-RPC feature.

To do it, simply paste the following code right into your .htaccess file:


<Files xml-rpc.php>
    Order Deny,Allow
    Deny from all


Learn more

About the author

Vannkorn I am a WordPress lover. I make my living using WordPress. Buy a coffee
Show your support

Related Posts


Leave a Reply

Your email address will not be published. Required fields are marked *