Disable XMLRPC

Hi,
Yes you need to use the Block default xmlrpc.php set this to Yes. You need to fill in the New XML-RPC Path with a custom value, i suggest to make it hard to guess.
Also set to Yes the option Remove rsd_link Meta at WP Hide > General / HTML > Meta.

Thanks

Hi,

Thank you for your reply

So i need to set the block default xmlrpc to yes as you said.

What about the Disable XML-RPC authentication & Remove pingback ? Are they related to xmlrpc that can be used for brute force attacks ? Also set them to which values ?

Last thing what is this for ( Remove rsd_link Meta ) ?

Best Regards

Hi,
The Disable XML-RPC authentication should always be set to No, unless need to disable authentication when calling the service.
Remove rsd_link Meta remove the front tag which outputs the actual XML-RPC link. So there is no way for anyone to figure out which is the new service url.

Thanks

Thank you so much that’s great,

Last thing: what about this Remove pingback ? Set it to yes or no and is it related to xmlrpc ?

Best Regards

Yes the pingback is related to xmlrpc and consist on a html tag with a rel="pingback" attribute and value to the xmlrpc. If need to block this service, i recommend to set this option to Yes to it does not outputs the new xmlrpc url.

Thanks

i want to secure the XMLRPC from brute force attacks completley, so i need to set the Remove pingback to yes as i have done this is the right, right ?

Yes you are correct.

thank you so much, we will have the premium version in couple of months to support the effort you made, we really appreciate this thank you so much