php
Disable XML-RPC in WordPress
7/25/2025
5 min read
XML-RPC is rarely used in modern WordPress setups and is a common attack vector for brute force and DDoS. Disable it to improve security.
add_filter('xmlrpc_enabled', '__return_false');
XML-RPC is rarely used in modern WordPress setups and is a common attack vector for brute force and DDoS. Disable it to improve security.
add_filter('xmlrpc_enabled', '__return_false');