With this step-by-step tutorial, we will go over how to disable WordPress XMLRPC without a plugin. Continue reading to learn more!

Before we begin, let’s identify what XMLRPC is used for. Remote communications between our website and external apps are made possible through XMLRPC. In other words, it enables consumers to engage with our WordPress website using different mobile apps or blogging services. This was useful in the early days of the Internet when users chose to edit blog posts offline before connecting and publishing them.

Unfortunately, the benefits provided by XMLRPC have diminished significantly over time. This is one of the factors contributing to the preference of many of our clients to disable WordPress XMLRPC.

Additionally, leaving WordPress’ XMLRPC enabled increases the danger of Brute force and DDoS assaults.

How to Disable WordPress XMLRPC:

The first step is to enter into your WordPress hosting account and go to File Manager in cPanel.

Next, locate the .htaccess file by going to the public html folder. The search bar can be used to locate this file as well. In rare circumstances, finding the htaccess file may require visiting settings and selecting Show hidden files.

Open the .htaccess file after that, and then add the following code to it:

# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>

Congratulations, you’ve now disabled XMLRPC on your WordPress website successfully, without the use of any third party plugins! If you are looking for a reliable WordPress hosting provider, be sure to take a look at RackNerd’s server hosting solutions below.