Jānis Valters
System administrator / DevOps / Ethical Penetration tester
© 2023 All rights reserved by valters.eu
How to Lock down xmlrpc.php in WordPress

This article explains how you can lock down xmlrpc.php using .htaccess.
The WordPress xmlrpc.php endpoint can be misused for brute force attacks.
If you do not use xmlrpc.php for any integrations, you might as well disable it completely. Adding these lines to your .htaccess file will disallow access to the endpoint for everyone.
Edit your public/.htaccess file and add:
<Files xmlrpc.php>
Require all denied
</Files>
Note: xmlrpc.php is required by some plugins, like Jetpack.
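
A check to run after adding the rule, given here as an added example that is not part of the original article: it reads Apache access-log lines and reports, per client IP, how many requests hit xmlrpc.php and how many were not answered with 403. It assumes the "combined" log format; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in Apache "combined" log format (documentation IP ranges).
# The first two lines stand for requests made before the rule was added.
sample_log() {
cat <<'EOF'
203.0.113.7 - - [12/Mar/2023:10:01:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 674 "-" "example-client/1.0"
203.0.113.7 - - [12/Mar/2023:10:01:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 674 "-" "example-client/1.0"
203.0.113.7 - - [12/Mar/2023:10:09:41 +0000] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "example-client/1.0"
198.51.100.23 - - [12/Mar/2023:10:10:05 +0000] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "example-client/1.0"
198.51.100.23 - - [12/Mar/2023:10:10:06 +0000] "GET /xmlrpc.php?rsd HTTP/1.1" 403 199 "-" "example-client/1.0"
192.0.2.44 - - [12/Mar/2023:10:11:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2410 "-" "example-browser/1.0"
192.0.2.44 - - [12/Mar/2023:10:11:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "example-browser/1.0"
EOF
}

# Per-client summary of requests to xmlrpc.php, read from stdin.
# Output: <ip> total=<n> not_denied=<n>, sorted by IP string.
# Fields: $1 client IP, $7 request path, $9 HTTP status.
xmlrpc_report() {
  awk '
    {
      path = $7
      sub(/\?.*/, "", path)            # drop the query string
      if (path !~ /\/xmlrpc\.php$/) next
      total[$1]++
      if ($9 != 403) leak[$1]++        # anything but 403 got past the rule
    }
    END {
      for (ip in total)
        printf "%s total=%d not_denied=%d\n", ip, total[ip], leak[ip]
    }' | sort
}

# Number of xmlrpc.php requests that were NOT answered with 403.
# Should stay at 0 for traffic logged after the rule is in place.
xmlrpc_not_denied() {
  awk '
    { path = $7; sub(/\?.*/, "", path) }
    path ~ /\/xmlrpc\.php$/ && $9 != 403 { n++ }
    END { print n + 0 }'
}

# Stand-alone run on the constructed sample; on a server, pipe the real access log in.
sample_log | xmlrpc_report
```

A non-zero not_denied count for requests logged after the change means the rule is not being applied to that request path, for example because the .htaccess file is in a different directory or overrides are not enabled for it.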