Disable XML-RPC in WordPress

Posted on November 11, 2016 at 7:45 pm

WordPress uses XML-RPC to remotely execute functions. For example, Jetpack and the WordPress mobile application use xmlrpc to remotely manage a WP site. However, also attackers try to exploit the xmlrpc.php file for bruteforce attacks. These attacks result in exhaustion of system resources causing services like PHP-FPM and MySQL to be unresponsive and as a consequence your VPS may be put offline by your hosting provider due to high CPU usage. To solve these issues, I just deny access to xmlrpc.php file via Nginx:

location = /xmlrpc.php {
    deny all;
}

Other Posts

Updated Posts