Disable XML-RPC authentication check box

  • Resolved jon0005

    (@jon0005)


    3 years, 3 months ago

    what does the Disable XML-RPC authentication tick box actually do?

    we have code in the htaccess file to disable XML-RPC so is it necessary to also click this check box in wordfence?

    Thanks

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @jon0005,

    The “Disable XML-RPC Authentication” checkbox disallows all authentication attempts using this method to communicate with your site rather than the REST API but cannot deny direct access to the file itself, which can still be a pretty popular target for attackers. Due to the varying nature of Wordfence installations on all sorts of hosting platforms, we give this option in case customers are unable to protect the file themselves as you have done.

    We regularly recommend the .htaccess method of denying access to xmlrpc.php to anybody certain none of their plugins or connected sites still use it. I usually have the checkbox checked in my sites regardless, but the .htaccess code you’ve implemented should be sufficient.

    Thanks,

    Peter.

    Thread Starter jon0005

    (@jon0005)

    Hi Peter,

    Thank you for the informative reply.

    Kind Regards

    Jon

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Disable XML-RPC authentication check box’ is closed to new replies.

Tags