Articles in this section

How to disable XML-RPC for a WordPress instance hosted in Plesk?

Leo Mastropierro
Updated
kb: how-to Plesk for Linux ABT: Group B

Applicable to:

  • Plesk for Linux

Question

How to disable XML-RPC for a WordPress instance hosted in Plesk?

Answer

  1. Login into Plesk
  2. Open WordPress > example.com > Apply critical security measures > Security Measures
  3. Select Block access to xmlrpc.php and click Secure

 

Was this article helpful?

Comments

2 comments
Date Votes
  • Avatar
    jorge García

    Hi, I´ve got a domain with enabled proxy mode and PHP server by Apache and I´ve applied the directive in the Additional Nginx Directives but the result when visit https://www.mydomain.com/xmlrpc.php is:

    XML-RPC server accepts POST requests only.

    So, the xmlrpc.php file keeps being vulnerable. What cai I do?

    0
  • Avatar
    Michael Angenendt

    Hello,

    is it possible to switch off the xmlrpc.php via default and/or e.g. with the “plesk ext wp-toolkit wp-cli ” via the CLI ? 
    Unfortunately I couldn't find anything specific.

     

    0

Please sign in to leave a comment.