There was a problem loading the comments.

Protect xmlrpc.php from Unwanted Access

Support Portal  »  Knowledgebase  »  Viewing Article

  Print
The xmlrpc.php file

The xmlrpc.php file is the file used by WordPress to allow remote management actions to be carried out on your WordPress site, such as creating and publishing posts from mobile apps or central publishing dashboards, updating plugins and more.

If you're not using any of those remote management features, disabling the xmlrpc.php file will help protect your WordPress site and reduce potential excessive resource usage for your WordPress site, as well as protect it from attack.

There are a number of ways to disable it, but in this guide, we'll focus on one method - editing your site's .htaccess file

1. Log into cPanel.

2. Open the File Manager.

cpanel-file_manager.png

3. Click on the Settings icon in the top right corner

file_manager-settings.png

4. Tick the box to "Show Hidden Files (dotfiles)" and then click Save

enable-dotfiles.png

5. Click on the .htaccess file once, and then click Edit in the toolbar

choose-htaccess.png

6. Click the Edit button on the window that appears

edit-htaccess.png

7. Add the lines below at the bottom of the file:

htaccess-xmlrpc.png

<Files xmlrpc.php>
     Order Deny,Allow
     Deny from all
#    Allow from 127.0.0.1
</Files>

If you're using a remote management panel, remove the # from the start of the Allow line, and add in the IP address for the server that runs your remote management service. You can get this information from their support team.

8. Click the "Save Changes" button in the top right hand corner.

cpanel-save_changes.png
Congratulations. You've now protected your site's xmlrpc.php file from attacks.

Share via
Did you find this article useful?  

Related Articles


Comments

Add Comment

Replying to  

© Site Arrow