Disabling XML-RPC

  • Resolved cyberialman

    (@cyberialman)


    4 years, 1 month ago

    Hi There,

    I have installed WordFence and discovered an checkbox option to disable XML-RPC:
    Menu ‘Login Security’ >> ‘Settings Tab’ >> ‘Disable XML-RPC authentication’

    If I check this box, will WordFence disable the XML-RPC API?

    Also, will it disable the XML-RPC API for all users even though I have not enabled the 2 Factor Authentication?

    I’m asking these questions because I currently use another plugin called ‘Disable XML-RPC’ and I’m hoping that I might be able to use WordFence to disable the XML-RPC API instead of this plugin.

    Thanks for the help.

Viewing 1 replies (of 1 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @cyberialman,

    Wordfence doesn’t specifically block access to the xmlrpc.php file. It will only stop authentication attempts via xmlrpc.php if you use the Disable XML-RPC authentication feature you speak of in Wordfence > Login Security.

    Commonly, the WordPress app if you have 2FA or ReCAPTCHA enabled and the Jetpack plugin amongst other services do require access to XML-RPC. As a result of this, it is a common route to be tried by attackers.

    If you are happy to completely block access to the file, you can add the code below to your .htaccess file:

    # Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>

    Let me know how you get on.

    Thanks,

    Peter.

    • This reply was modified 4 years, 1 month ago by wfpeter.
Viewing 1 replies (of 1 total)
  • The topic ‘Disabling XML-RPC’ is closed to new replies.

Tags