How to disable XML-RPC with the A2 Optimized Plugin in WordPress
XML-RPC is a Remote Procedure Call method that uses XML over HTTP. WordPress is configured to use an XML-RPC interface out of the box that enables other websites or apps to interact with your site. XML-RPC requires valid XML to be sent via HTTP posts, but leaving it enabled is a security risk because it can be used for SQL injection attacks, Server Side Forgery, and other malicious activities. This article shows how to disable XML-RPC in WordPress using the A2 Optimized Plugin.
Disabling XML-RPC with the A2 Optimized plugin
To disable XML-RPC using the A2 Optimized plugin, follow these steps:
- Log in to your WordPress site as the administrator.
- Under Dashboard, click A2 Optimized:
Click the Optimization tab:
In the left sidebar, click Security:
In the SECURITY section, at the bottom click More Optimizations:
In the Block Unauthorized XML-RPC Requests row, click the slider to enable or disable blocking:
More Information
For more information about the XML-RPC service for WordPress, please visit https://codex.wordpress.org/XML-RPC_Support.
Article Details
- Product: All accounts
- Level: Beginner
Grow Your Web Business
Subscribe to receive weekly cutting edge tips, strategies, and news you need to grow your web business.
No charge. Unsubscribe anytime.
Did you find this article helpful? Then you'll love our support. Experience the A2 Hosting difference today and get a pre-secured, pre-optimized website. Check out our web hosting plans today.