Skip to content

Instantly share code, notes, and snippets.

@warderer

warderer/.htaccess

Created June 22, 2022 22:59
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save warderer/aad50f2f787156e8ce990f067f4ff51b to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save warderer/aad50f2f787156e8ce990f067f4ff51b to your computer and use it in GitHub Desktop.
Download ZIP
[Disable WordPress XML-RPC with .htaccess] XML-RPC API is safe and enabled by default on all WordPress websites. However, some security experts may advise you to disable it. #wordpress #security #xmlrpc
Raw
.htaccess
# Method 1 for Blocking XMLRPC request before the request is even passed onto WordPress.
# Begin - Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
allow from 123.123.123.123 # Optional: Specify allowed ip
</Files>
# End - Block WordPress xmlrpc.php requests
# Reference: https://www.wpbeginner.com/plugins/how-to-disable-xml-rpc-in-wordpress/
Raw
disableXMLRPC_plugin.php
# Method 2 Manually Disable XML-RPC in WordPress
# WordPress core provides a filter to manually add to your website and disable the XML-RPC API.
# ZIP this file and upload like a plugin.
<?php
/*
Plugin Name: Disable XML-RPC Plugin
Description: Disable XML-RPC in WordPress using Filter
*/
/* Start Adding Functions Below this Line */
add_filter('xmlrpc_enabled', '__return_false');
/* Stop Adding Functions Below this Line */
?>
# Reference: https://www.wpbeginner.com/plugins/how-to-disable-xml-rpc-in-wordpress/
# Reference: https://www.wpbeginner.com/beginners-guide/what-why-and-how-tos-of-creating-a-site-specific-wordpress-plugin/
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment