Jānis Valters
Ethical Penetration tester / DevSecOps / IT Solution Developer / System administrator
© 2024 All rights reserved by valters.eu
How to Lock down xmlrpc.php in WordPress
This article explains how you can lockdown xmlrpc.php using .htaccess.
The WordPress xmlrpc.php endpoint can be misused as an endpoint for brute force attacks.
If you do not use xmlrpc.php for any integrations, you might as well disable it completely. Adding these lines to your .htaccess file will disallow access to the endpoint for everyone.
Edit your public/.htaccess file and add
<Files xmlrpc.php>
Require all denied
</Files>Note: xmlrpc.php is required by some plugins, like Jetpack.