WordPress
- Check Your PHP Version in WordPress
- Discourage search engines from indexing this site
- How do I add a new WordPress admin user? Or remove one?
- How do I add HTML code to my website?
- How do I change who a form gets sent to?
- How do I edit my WordPress header or footer?
- How do I redirect a page or post?
- How do I replace an existing PDF or image in WordPress?
- How do I set up a staging website?
- How to Edit WordPress Navigation Menu/Links
- How To Improve WordPress Search
- How to know and what to do if my WordPress website gets hacked?
- How to test changes without messing up a live web page
- Should I run a WordPress security plugin?
- Should I upload videos directly to my website?
- What Is Xmlrpc.php in WordPress? Why disable it?
- What premium plugins/services do I get with your service?
- Where can I find images to use on my website?
- Why are there plugin updates in my WordPress Dashboard?
Troubleshooting
- Does my website use cookies?
- How To Assign A Technical Contact in Network Solutions
- How to clear the cache in Chrome
- How to clear the cache in Edge
- How to clear the cache in Firefox
- How to clear the cache in Opera
- How to clear the cache in Safari
- How to Clear Your Browser Cache
- How to Delegate Access to Your GoDaddy Account
- How to Delegate Domain Access on Namecheap
- How To View Your Website Traffic/Analytics
- I’m not receiving form notifications from my website
- My changes aren’t showing up on my website
- My image looks blurry after I upload it?
- My site shows a security/SSL warning
- What to Include When Contacting our Helpdesk
- Why doesn’t Google show my meta description or title?
What Is Xmlrpc.php in WordPress? Why disable it?
Table of contents
What is Xmlrpc.php?
XML-RPC is a way to let your WordPress website communicate with outside websites/services.
If you use the WordPress mobile app, for example, it requires this file in order to connect to your website.
Why disable Xmlrpc.php?
In short, it’s a security risk. It isn’t used by many things nowadays and we auto-disable it by default on all of our websites. There are a small handful of users who have requested it be enabled, but we highly advise against this.
In the same way it allows other websites/services to access your website to add content/etc, hackers can also use this to brute force attack your website.
Hackers can also use the file to DDoS your website and take it down (by overwhelming your hosting).
Because of the ways xmlrpc.php can be abused, disabling it generally also lowers server resources needed to run your website, so it can also speed up your website. It’s really a win-win to disable it.
