How to Disable XML-RPC in WordPress
The community consensus is that XML-RPC is obsolete and should be disabled on all WordPress installations to prevent security vulnerabilities and CPU spikes.
Based on 12 community reports.
Linked sources: 3.
Known Issues
- Potential conflict with legacy mobile apps
- May break specific third-party integrations
Community Q&A
Why should I disable XML-RPC in WordPress?
XML-RPC is an older protocol that is frequently targeted by brute force attacks and can cause high CPU usage on your server.
How do I disable XML-RPC?
You can disable it by adding a rule to your .htaccess file, using a security plugin, or by asking your hosting provider to block it at the server level.
Will disabling XML-RPC break my website?
For most modern websites, disabling XML-RPC has no negative impact, as the REST API has replaced its functionality.