Support » Fixing WordPress » Can I delete wp-xmlrpc.php file?

  • I have been told by my hosting that there is an infected file on my website. File is wp-xmlrpc.php.

    Is this file ok to delete completely? Will it effect my site in any way if I delete it via FTP?


    • This topic was modified 1 year, 4 months ago by redspot.
    • This topic was modified 1 year, 4 months ago by Jan Dembowski. Reason: Moved to Fixing WordPress, this is not an Everything else WordPress topic
Viewing 3 replies - 1 through 3 (of 3 total)
  • Did they actually tell you it was infected? You’ll need to replace that file then. If it was really infected though I’d have thought your web host would have quarantined that file, replaced it, or else fixed it for you.

    They may have mentioned XML-RPC as a potential security problem if you don’t need it though. According to some of the core team members, it’s no more a security threat than any other core feature in WordPress.

    Anyway, here’s a good discussion on that subject with several suggestions on removing that feature from WordPress if you don’t need it.

    I hope this helps and after you disable it and find you don’t need it for sure you can probably remove it but do know that a future WordPress update might put that file back.

    Moderator Samuel Wood (Otto)

    (@otto42) Admin

    There is no “wp-xmlrpc.php” file in WordPress.

    There is a file named “xmlrpc.php” which should not be deleted, as it is part of WordPress. However, if it has been modified, then you should replace it with a fresh copy from the WordPress zip file.



    .htaccess dsoyanızın en alt kısmına

    # Block WordPress xmlrpc.php requests
    <Files xmlrpc.php>
    order deny,allow
    deny from all
    allow from

    bunu kopyala yapıştır yapın yazan yere kendi ip adresinizi yazın
    ip adresinizi bilmiyorsanız google’a yazın hemen bulursunuz.
    biz aylardan beri saldırganlarla başımız belada bunu uyguladık şuanda bir kişi bile saldırı yapamıyor.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Can I delete wp-xmlrpc.php file?’ is closed to new replies.