WordPress – XML-RPC: should we deactivate it?

Why, and for what purpose, was xmlrpc.php created?

XML-RPC support in WordPress dates back to the project's early days, before it even became WordPress. In the early days of the internet, when connections were incredibly slow, writing and publishing on the web was much more difficult and time-consuming. Instead of writing in the browser, most people wrote offline, then copied and pasted the content onto the web. That process was still far from ideal. The solution was an offline blog client, where you could write your content, then connect to your blog and publish it. This connection was made through XML-RPC.

This option was disabled by default until version 3.5, when it was switched on by default. It would be preferable the other way around, protecting the user and letting them enable it only if they really want it, but since that is not the case, we will show how to block it.

Disable via plugin

There are several ways to disable it, and the simplest is to use a plugin such as Disable XML-RPC. But is it worth adding yet another plugin, increasing the load on WordPress and possibly opening another security hole?

Disable through .htaccess

By placing 4 lines in your .htaccess file you will be effectively protected against attacks on this file. Can't access .htaccess? Here’s how.

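# block XML-RPC requests
# (Order/Deny is Apache 2.2 syntax; Apache 2.4 needs mod_access_compat for it, or "Require all denied" instead)
<Files xmlrpc.php>
Order deny,allow
Deny from all
</Files>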
 

If you use nginx

The .htaccess option does not work with nginx, so in that case you will have to put the following in the configuration file:

# block XML-RPC requests
location = /xmlrpc.php {
    deny all;
}

Note
This change will make it impossible to use Jetpack, trackbacks, pingbacks and the blog connection via smartphone.
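
To confirm that the block took effect, the access log can be checked for xmlrpc.php requests that were not answered with 403. The script below is an added example, not part of the original post; it assumes the combined log format and that the deny rules above answer with 403, and its log lines are constructed. The sample includes a request to /blog/xmlrpc.php that was served with 200, which is what happens when WordPress lives in a subdirectory and the nginx rule only matches the exact URI /xmlrpc.php.

```python
import re
from collections import Counter

# Combined Log Format, as written by default Apache/nginx access logs (assumption).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 403 153 "-" "-"
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "POST /xmlrpc.php HTTP/1.1" 403 153 "-" "-"
198.51.100.20 - - [10/Mar/2024:10:00:05 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Mar/2024:10:01:10 +0000] "POST /blog/xmlrpc.php HTTP/1.1" 200 370 "-" "-"
198.51.100.20 - - [10/Mar/2024:10:02:00 +0000] "GET /xmlrpc.php?rsd HTTP/1.1" 403 153 "-" "-"
not a log line
"""


def is_xmlrpc(path):
    """True when the requested file is xmlrpc.php, in any directory."""
    return path.split("?", 1)[0].rsplit("/", 1)[-1] == "xmlrpc.php"


def audit(lines):
    """Split xmlrpc.php requests into denied (403) and not denied.

    Returns (blocked, leaked): blocked counts 403 responses per client IP,
    leaked lists every request that got any other status, i.e. one that
    was not stopped by the deny rule.
    """
    blocked, leaked = Counter(), []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not is_xmlrpc(m["path"]):
            continue  # unparseable line or unrelated request
        status = int(m["status"])
        if status == 403:
            blocked[m["ip"]] += 1
        else:
            leaked.append((m["ip"], m["method"], m["path"], status))
    return blocked, leaked


if __name__ == "__main__":
    blocked, leaked = audit(SAMPLE_LOG.splitlines())
    for ip, count in blocked.most_common():
        print(f"denied      {ip}  {count} request(s)")
    for ip, method, path, status in leaked:
        print(f"NOT DENIED  {ip}  {method} {path} -> {status}")
```

Any "NOT DENIED" line means a request reached xmlrpc.php without passing through the deny rule, so the rule's location or scope needs to be reviewed.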
