Disable XML-RPC

XML-RPC allows mobile apps and remote connections to publish to WordPress. If you don't want to be able to post remotely to your site, follow the steps below to improve your site security.

1. You should always backup your site before making any changes.
2. Access the File Manager for your hosting plan. ( Web Hosting / cPanel )
3. Navigate to the folder in which WordPress is installed.
4. Edit the .htaccess file.
5. At the bottom of the .htaccess file, insert the following lines:
   

   <Files xmlrpc.php>Order Allow,DenyDeny from all</Files>

6. Save the changes to your file.

You've now disabled access to the XML-RPC function and reduced the number of ways your site can be attacked.

More info

• Return to Improve WordPress security.