You can now disable XML-RPC to avoid Brute force attack for given IPs or can even enable access for some IPs. XML-RPC on WordPress is actually an API that gives developers who build mobile apps, desktop apps and other services, the ability to talk to a WordPress site. The XML-RPC API that WordPress provides gives developers, a way to write applications (for you) that can do many of the things that you can do when logged into WordPress via the web interface.
Block XML-RPC by following way.
- Disable pingback.ping, pingback.extensions.getPingbacks and Unset X-Pingback from HTTP headers, that will block bots to access specified method.
- Disable/Block XML-RPC for all users.
- Enable XML-RPC based on IP list.
- Disable XML-RPC based on IP list.
- Upload the plugin files to the
/wp-content/plugins/directory, or install the plugin through the WordPress plugins screen directly.
- Activate the plugin through the ‹Plugins› screen in WordPress
- Use the ‹XML-RPC Settings› screen to configure the plugin.
Do I need to take a backup of my existing .htaccess file
Yes, it’s preferable to take a backup of existing .htaccess file.
What if .httaccess file doesn’t have writeable permission?
You can copy and paste new rule in your .htaccess file from plugin setting page.
Contributors & Developers
“Manage XML-RPC” is open source software. The following people have contributed to this plugin.Contributors
- Beta release with basic testing.