How to Disable XML-RPC in WordPress Website?

Table of Contents

XML-RPC is a remote procedure call protocol that allows different applications to communicate with each other. It is a common feature in WordPress that allows to communicate with other applications such as mobile devices to post content. But if you are not using such remote connection you should disable XML-RPC.

With the Nexter Extension (Free) plugin you can easily disable XML-RPC to make your site more secure.

Why Disable XML-RPC?

While XML-RPC can be useful for certain tasks, it can also pose security risks for your website. Hackers can use XML-RPC to launch brute force attacks or exploit vulnerabilities in your site’s code. To protect your WordPress website, it’s important to disable XML-RPC if you’re not using it. Many hostings like Kinsta by default keep XML-RPC disabled for security reasons.

How to Disable XML-RPC with The Nexter Extension?

To do this, go to Appearance > Nexter Settings > Security.

Then in Advance Security click on the Settings button.

advanced security settings

This will open the Advance Security popup, go to Disable XML-RPC and enable the toggle.

Then click on the Save button.

disable xml rpc