Applicable to:
- Plesk for Linux
Question
How to disable XML-RPC for a WordPress instance hosted with Plesk?
Answer
- Log into Plesk
- Navigate to WordPress > example.com > Plugins and click Install
- Search for a plugin to disable XML-RPC in the search-field, with for example search-string xmlrpc
- Click Install to install a suitable plugin
-
Add the following additional nginx directives in Domains > example.com > Apache & nginx Settings:
location = /xmlrpc.php {
deny all;
}
if (!-e $request_filename) {
set $test P;
}
if ($uri !~ ^/(plesk-stat|webstat|webstat-ssl|ftpstat|anon_ftpstat|awstats-icon|internal-nginx-static-location)) {
set $test "${test}C";
}
if ($test = PC) {
rewrite ^/(.*)$ /index.php?$1;
}These directives will block requests to WordPress XML-RPC and process WordPress permalinks correctly.
-
Add the following additional nginx directives in Domains > example.com > Apache & nginx Settings:
location /xmlrpc.php {
deny all;
}This directive will block requests to WordPress XML-RPC.
To disallow access to XML-RPC functionality:
Warning: not confirmed solution for apache-only:
Note: Disable all XML-RPC functionality can cause security issues and is not recommended.
-
Navigate to Domains > example.com > File Manager and open the file .htaccess file in the root directory of the WordPress installation
-
Add the following code at the top of the file:
<files xmlrpc.php>
Order allow,deny
Deny from all
</files>
Comments
0 comments
Please sign in to leave a comment.