Articles in this section

See more

How to disable XML-RPC in WordPress?

Avatar
Benjamin Wessel
Updated
Follow
Plesk for Linux kb: how-to ABT: Group B

Applicable to:

  • Plesk for Linux

Question

How to disable XML-RPC for WordPress?

Answer

For domains with disabled proxy mode or PHP-FPM served by nginx

  1. Log into Plesk

  2. Add the following additional nginx directives in Domains > example.com > Apache & nginx Settings:

    CONFIG_TEXT: location = /xmlrpc.php {
    deny all;
    }
    if (!-e $request_filename) {
    set $test P;
    }
    if ($uri !~ ^/(plesk-stat|webstat|webstat-ssl|ftpstat|anon_ftpstat|awstats-icon|internal-nginx-static-location)) {
    set $test "${test}C";
    }
    if ($test = PC) {
    rewrite ^/(.*)$ /index.php?$1;
    }

    These directives will block requests to WordPress XML-RPC and process WordPress permalinks correctly.

For domains with enabled proxy mode and PHP served by Apache

  1. Log into Plesk

  2. Add the following additional nginx directives in Domains > example.com > Apache & nginx Settings:

    CONFIG_TEXT: location /xmlrpc.php {
    deny all;
    }

    This directive will block requests to WordPress XML-RPC.

To disallow access to XML-RPC functionality:

Warning: not confirmed solution for apache-only:

Note: Disable all XML-RPC functionality can cause security issues and is not recommended.

  1. Log into Plesk

  2. Navigate to Domains > example.com > File Manager and open the file .htaccess file in the root directory of the WordPress installation

  3. Add the following code at the top of the file:

    CONFIG_TEXT: <files xmlrpc.php>
    Order allow,deny
    Deny from all
    </files>

Comments

0 comments

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles