Last updated on September 13, 2023

Disable XMLRPC

Don’t know where to add this snippet? Read our guide: How to add code snippets.

Disable xmlrpc.php completely.

XML-RPC is a remote procedure call (RPC) protocol used by WordPress that can potentially be used to launch brute-force attacks and other malicious activities. For example, if your site is experiencing unrecognised login attempts through xmlrpc.php, you might want to disable the functionality completely. Luckily it’s just one line of code!

add_filter( 'xmlrpc_enabled', '__return_false' );

This code filters the xmlrpc_enabled hook and returns false, which disables XML-RPC functionality in WordPress. Once you have added this code to your functions.php file, XML-RPC will be disabled on your website. Please note that this will break REST API functionality.

Last updated on September 13, 2023. Originally posted on April 30, 2023.

Leave a Reply

Your email address will not be published. Required fields are marked *