On your WordPress website, do you want to disable XML-RPC? Since version 3.5, WordPress has come preconfigured with an interface for remote communication called XML Remote Procedure Call (XML-RPC). It enables communication methods like pingbacks and trackbacks between WordPress and other blogging platforms.
When another website links to your material, pingbacks and tracebacks cause notices to show up in the comments. As of right now, XML-RPC has been superseded by the REST API and is no longer functional for communication.
To allow for remote connections between your website and third-party apps, XML-RPC for WordPress was created. This indicates that customers can access their WordPress site from various blogging services or mobile applications. When a person wanted to modify information off-line and then login to their WordPress blog later to publish it, this was helpful in the early days of the internet.
In some circumstances, consumers may choose to use XML-RPC. But since its introduction, XML-capability RPC’s and use have been significantly diminished by technological advancements. As a result, the benefits that this feature initially provided have been negated by the possible security risks associated with leaving it enabled.
Step1: Go to Admin Dashboard
Step2: Click on Plugins >> Add New.
Step3: Click on Install & Activate Disable XML-RPC Plugins
# Block WordPress xmlrpc.php requests <Files xmlrpc.php> order deny,allow deny from all allow from 000.000.000.000 </Files>
Any IP address you want to grant access to for xmlrpc.php can be used in place of 000.000.000.000. You can simply delete this line if you want to entirely deny access.
add_filter('xmlrpc_enabled', '__return_false'); That’s All! I hope this article will help you. if you need any help please contact here.