Protect xmlrpc.php from Unwanted Access


The xmlrpc.php file

The xmlrpc.php file is the file used by WordPress to allow remote management actions to be carried out on your WordPress site, such as creating and publishing posts from mobile apps or central publishing dashboards, updating plugins and more.

If you're not using any of those remote management features, disabling the xmlrpc.php file will help protect your WordPress site and reduce potential excessive resource usage for your WordPress site, as well as protect it from attack.

There are a number of ways to disable it, but in this guide, we'll focus on one method - editing your site's .htaccess file

1. Log into cPanel.

2. Open the File Manager.

cpanel-file_manager.png

3. Click on the Settings icon in the top right corner

file_manager-settings.png

4. Tick the box to "Show Hidden Files (dotfiles)" and then click Save

enable-dotfiles.png

5. Click on the .htaccess file once, and then click Edit in the toolbar

choose-htaccess.png

6. Click the Edit button on the window that appears

edit-htaccess.png

7. Add the lines below at the bottom of the file:

htaccess-xmlrpc.png

<Files xmlrpc.php>
     Order Deny,Allow
     Deny from all
#    Allow from 127.0.0.1
</Files>


If you're using a remote management panel, remove the # from the start of the Allow line, and add in the IP address for the server that runs your remote management service. You can get this information from their support team.

8. Click the "Save Changes" button in the top right hand corner.

cpanel-save_changes.png
Congratulations. You've now protected your site's xmlrpc.php file from attacks.

Esta resposta foi útil?

 Imprimir este Artigo

Artigos Relacionados

Web hosting inode limits

Our Web hosting plans have unlimited disk space and bandwidth, however there are certain inode...

Steps To Take When Your Account Is Flagged For Excessive Resource Usage

Have you received a message from our team warning you about ‘excessive resource usage’?Any...

How To Prevent Excessive IMAP Activity On Your Email Account

Over time, IMAP has become one of the most common email protocols used to check an email account....

What Is Hotlink Protection

Hotlink protection ensures that you are protected against bandwidth theft. It prevents other...

Optimize your WordPress Site with WP Super Cache

Optimizing your WordPress website is important for user experience. Slow websites repel users,...