---

WordPress uses an implementation of the XML-RPC protocol in order to extend functionality to software clients.

This Remote Procedure Calling protocol allows commands to be run, with data returned formatted in XML.

Beginning with WordPress 3.5 the XML-RPC functionality is enabled by default, without a way to disable.

Do I need WordPress XML-RPC?

Most users don't need WordPress XML-RPC functionality, and it's one of the most common causes for exploits.

Some clients such as the official WordPress Mobile Apps and Blogger use XML-RPC requests to function.

All of the WordPress XML-RPC requests are remote POST requests to the xmlrpc.php script.

A full list of the different requests that can be made via XML-RPC can be found at XML-RPC WordPress API

Block WordPress xmlrpc.php requests with .htaccess

I want to send WordPress XML-RPC requests from my fictional IP address of 10.10.10.10.

So I can deny all requests to the xmlrpc.php file, except for that IP, using the following .htaccess rules:

# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
allow from 10.10.10.10
</Files>

If you didn't need any IP addresses to use XML-RPC requests, just don't use any allow lines.

Most useful articles

• 1. How do I Add an alias
  100%
• 2. VPS Hosting - Unable to open pty: No suc..
  100%
• 3. Adding Play List
  100%
• 4. PHP Web Hosting
  83%
• 5. Initial cPanel WHM Setup
  75%
• 6. Web Site Hosting
  67%
• 7. Introduction to Psybnc
  67%
• 8. Streaming to the server using SHOUTcast ..
  64%
• 9. What is Dedicated Server
  42%
• 10. Addon Domain
  40%

Popular articles

• 1. Setting Up Eggdrop
• 2. Using your Shell
• 3. What is IRCD
• 4. Introduction to Psybnc
• 5. Streaming to the server using SHOUTcast DSP Plugin for Winamp
• 6. What is Dedicated Server
• 7. Initial cPanel WHM Setup
• 8. Q & A for PLESK Control Panel
• 9. On Demand Streaming
• 10. Enhancing Your Eggdrop