WordPress.org

Support

Support » How-To and Troubleshooting » Can I delete xmlrpc.php in WordPress 3.5 ?

Can I delete xmlrpc.php in WordPress 3.5 ?

  • My site (running WP 3.5.2) is getting a lot of malicious traffic to domain.com/xmlrpc.php, to the point that the server is not being able to handle it.

    I tried to disable it via the wp-config.php and with a plugin, but it didn’t solve the problem.

    Now I am considering to completely remove the php file, but I would like to be sure I won’t destroy other things.

    Does anyone know if it’s safe to remove that file?

Viewing 4 replies - 1 through 4 (of 4 total)
  • If you have access to your .htaccess file, try blocking access to the xmlrpc file instead of removing it. Note, this will break any apps that use it, like the WP mobile app I believe.

    <Files xmlrpc.php>
      Satisfy any
      Order allow,deny
      Deny from all
    </Files>

    That might be a solution. I’ll test it out, thanks.

    Cool, let us know how it goes. If it fixes your issue, can you mark this thread resolved?

    Sure if it solves the problem I’ll mark the thread as resolved. Still testing it out though.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Can I delete xmlrpc.php in WordPress 3.5 ?’ is closed to new replies.
Skip to toolbar