XML-RPC is a remote procedure call (RPC) protocol used by WordPress that can potentially be used to launch brute-force attacks and other malicious activities. For example, if your site is experiencing unrecognised login attempts through xmlrpc.php
, you might want to disable the functionality completely. Luckily it’s just one line of code!
add_filter( 'xmlrpc_enabled', '__return_false' );
This code filters the xmlrpc_enabled
hook and returns false, which disables XML-RPC functionality in WordPress. Once you have added this code to your functions.php file, XML-RPC will be disabled on your website. Please note that this will break REST API functionality.