Updated: November 29, 2024
XML-RPC is a remote procedure call (RPC) protocol that uses XML to encode its calls and HTTP as a transport mechanism. In WordPress, it’s utilized for features like remote publishing and communication with mobile apps. However, its functionality can be exploited for malicious purposes, such as brute force attacks and DDoS amplification.
This code can be pasted into the functions.php file of your child theme or, download and install the plugin for simple code activation.
add_filter('xmlrpc_enabled', '__return_false');
For a more user-friendly approach, consider using a plugin that disables XML-RPC. This method doesn’t require code editing and can be managed directly from your WordPress dashboard.