Advice on Disabling XML-RPC for WordPress 6.6

  • Resolved vsalgadinho

    (@vsalgadinho)


    4 months, 1 week ago

    Hi everyone,

    I have just installed a WordPress website (version 6.6) and am considering disabling XML-RPC due to security concerns. I have read that XML-RPC is a potential security risk and can attract brute force and DDoS attacks.

    However, I want to make sure that disabling XML-RPC will not have a negative impact on future updates or other features of WordPress 6.6. I have found two methods to disable XML-RPC: using a plugin or adding rules to the .htaccess file.

    Here are my questions:
    1. What is the recommended method for disabling XML-RPC in WordPress 6.6?

    2. Does disabling XML-RPC affect future updates or core features of WordPress (especially regarding the .htaccess file option)?

    3. Are there any best practises or additional precautions I should consider before disabling XML-RPC?

Viewing 2 replies - 1 through 2 (of 2 total)

  • @vsalgadinho

    >> What is the recommended method for disabling XML-RPC in WordPress 6.6?<<

    both methods you mentioned (using a plugin or editing the .htaccess file) can be effective. However, using a plugin is generally recommended for several reasons: easier to implement, no file modification etc.

    >>Does disabling XML-RPC affect future updates or core features of WordPress (especially regarding the .htaccess file option)?<<

    Disabling XML-RPC should not affect future WordPress updates or core features in version 6.6. WordPress has been moving away from relying on XML-RPC for critical functions. Most modern WordPress features and the update process don’t depend on XML-RPC.

    few considerations: WordPress mobile app or Jetpack, these rely on XML-RPC and may not function properly/ And Some third-party services or plugins might use XML-RPC, so it’s worth checking if you use any such tools

    >>?Are there any best practices or additional precautions I should consider before disabling XML-RPC?<<

    backup, test thoroughly and monitor your site for changes etc, use and implement other security measures such as limit login attempts, using two factor auth, strong password policy etc.

    Remember, while disabling XML-RPC can improve security, it’s not a silver bullet. It’s part of a broader security strategy for your WordPress site.



    Thread Starter vsalgadinho

    (@vsalgadinho)

    Thank you so much, @soberbanda !

Viewing 2 replies - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.