Block XMLRPC access in WordPress

Block the xmlrpc.php file in WordPress. Set the IP addresses to allow access from if necessary:

<Files xmlrpc.php>
<IfModule !mod_authz_core.c>
order deny,allow
deny from all
allow from <IP ADDRESS>
</IfModule>
<IfModule mod_authz_core.c>
Require ip <IP ADDRESS> <IP ADDRESS>
</IfModule>
</Files>

A simpler way is just to deny from all:

<Files xmlrpc.php>
order deny,allow
deny from all
</Files>

Leave a Reply

Your email address will not be published.