WordPress FAQ

How to Disable XML-RPC in WordPress

The community consensus is that XML-RPC is obsolete and should be disabled on all WordPress installations to prevent security vulnerabilities and CPU spikes. high confidence based on 12 community reports

The community consensus is that XML-RPC is obsolete and should be disabled on all WordPress installations to prevent security vulnerabilities and CPU spikes.

Based on 12 community reports.

Linked sources: 3.

Known Issues

Community Q&A

Why should I disable XML-RPC in WordPress?

XML-RPC is an older protocol that is frequently targeted by brute force attacks and can cause high CPU usage on your server.

How do I disable XML-RPC?

You can disable it by adding a rule to your .htaccess file, using a security plugin, or by asking your hosting provider to block it at the server level.

Will disabling XML-RPC break my website?

For most modern websites, disabling XML-RPC has no negative impact, as the REST API has replaced its functionality.

Reddit Sources