XML-RPC is one of the core WordPress APIs that has been enabled by default since version 3.5, released in 2012. Therefore, every new WordPress installation has XML-RPC automatically active. This WordPress functionality simplifies connection and interaction with your website, for instance, through mobile apps for WordPress management or various automation services. If you don’t utilize XML-RPC on your website, it’s better for security reasons to disable it in WordPress. In this article, you’ll learn how to easily disable XML-RPC in WordPress, possibly the easiest way, using a short snippet that you’ll insert into your website using the WPCode plugin.
How To Easily Disable XML-RPC In WordPress using snippet
To avoid installing an additional plugin for these purposes, we’ll use a snippet and the popular WPCode plugin, which should be installed by anyone looking to customize their WordPress website’s properties and behaviors. A snippet is nothing more than a short piece of code in PHP or another language that alters the properties and behavior of the website.
Installing the WPCode plugin
To insert codes into your website, you have two options. You can hardcode the code into the file where it belongs, or you can use a plugin that dynamically inserts portions of the code into the website during its operation. The second option is better for one simple reason: it’s safer, and your code won’t be erased with each update that overwrites the file containing your code.
Here are the steps to install the WPCode plugin:
- Click on ‘Plugins‘ in the left menu.
- Choose ‘Add New‘ in the submenu.
- Notice the search field in the top right corner.
- Type in the key phrase ‘WPCode‘.
- Once WordPress finds the plugin, install and activate it.
If you’re interested in a complete article where I describe working with this plugin, check it out here: How to insert custom codes into WordPress.
Snippet for disabling XML-RPC in WordPress:
If you want to deactivate XML-RPC on your website, use the WPCode plugin mentioned above and insert this simple snippet into your site:
add_filter('xmlrpc_enabled', '__return_false');
Remember that this code is written in the PHP programming language. Make sure to set this language in the inserted snippet. Then, save and activate the code. Once the code is active, the XML-RPC service on the website will be inactive. If you ever decide to revert to XML-RPC, nothing is easier than deactivating the snippet with just one click.
How can you check if XML-RPC is indeed disabled?
You can perform a straightforward check. In your web browser, enter the address https://domain.tld/xmlrpc.php. If the service is disabled on the website, you’ll receive an error message like ‘Forbidden: You don’t have permission to access this resource.’ Otherwise, if the service is active, the browser will return a message such as ‘XML-RPC server accepts POST requests only.
How To Easily Disable XML-RPC In WordPress – conclusion
By adding the code above, you can enhance your website’s security by disabling the service for remote access and manipulation of your site through XML and HTTP/S requests. Additionally, WPCode plugin offers the great advantage of handling website code quite securely, and any changes made on the website can be easily reverted by simply turning off the code.
The website is created with care for the included information. I strive to provide high-quality and useful content that helps or inspires others. If you are satisfied with my work and would like to support me, you can do so through simple options.
Byl pro Vás tento článek užitečný?
Klikni na počet hvězd pro hlasování.
Průměrné hodnocení. 0 / 5. Počet hlasování: 0
Zatím nehodnoceno! Buďte první
Je mi líto, že pro Vás nebyl článek užitečný.
Jak mohu vylepšit článek?
Řekněte mi, jak jej mohu zlepšit.
Subscribe to the Newsletter
Stay informed! Join our newsletter subscription and be the first to receive the latest information directly to your email inbox. Follow updates, exclusive events, and inspiring content, all delivered straight to your email.