WordPress.org

Ready to get started?Download WordPress

Forums

Can I delete xmlrpc.php in WordPress 3.5+? (5 posts)

  1. DailyBlogTips
    Member
    Posted 1 year ago #

    My site (running WP 3.5.2) is getting a lot of malicious traffic to domain.com/xmlrpc.php, to the point that the server is not being able to handle it.

    I tried to disable it via the wp-config.php and with a plugin, but it didn't solve the problem.

    Now I am considering to completely remove the php file, but I would like to be sure I won't destroy other things.

    Does anyone know if it's safe to remove that file?

  2. mindctrl
    Member
    Posted 1 year ago #

    If you have access to your .htaccess file, try blocking access to the xmlrpc file instead of removing it. Note, this will break any apps that use it, like the WP mobile app I believe.

    <Files xmlrpc.php>
      Satisfy any
      Order allow,deny
      Deny from all
    </Files>
  3. DailyBlogTips
    Member
    Posted 1 year ago #

    That might be a solution. I'll test it out, thanks.

  4. mindctrl
    Member
    Posted 1 year ago #

    Cool, let us know how it goes. If it fixes your issue, can you mark this thread resolved?

  5. DailyBlogTips
    Member
    Posted 1 year ago #

    Sure if it solves the problem I'll mark the thread as resolved. Still testing it out though.

Topic Closed

This topic has been closed to new replies.

About this Topic