Title: xmlrpc.php
Last modified: January 27, 2025

---

# xmlrpc.php

 *  Resolved [dzweb84](https://wordpress.org/support/users/dzweb84/)
 * (@dzweb84)
 * [1 year, 3 months ago](https://wordpress.org/support/topic/xmlrpc-php-8/)
 * Hi, today I noticed some failed login xmlrpc.php with user “admin” from a bot,
   then I have selected Disable XML-RPC authentication in login security. If I try
   to go to url “yoursite/xmlrpc.php” I had “XML-RPC server accepts POST requests
   only.” So I put the code in the htaccess <Files xmlrpc.php> order deny,allow 
   deny from all </Files> after wordfence firewall code #END Wordfence WAF and now
   the url gives 403 forbidden; is this correct? Thanks for support.
    -  This topic was modified 1 year, 3 months ago by [dzweb84](https://wordpress.org/support/users/dzweb84/).
    -  This topic was modified 1 year, 3 months ago by [dzweb84](https://wordpress.org/support/users/dzweb84/).

Viewing 2 replies - 1 through 2 (of 2 total)

 *  Plugin Support [wfpeter](https://wordpress.org/support/users/wfpeter/)
 * (@wfpeter)
 * [1 year, 3 months ago](https://wordpress.org/support/topic/xmlrpc-php-8/#post-18268191)
 * Hi [@dzweb84](https://wordpress.org/support/users/dzweb84/),
 * Yes, if you wish to block any access to XML-RPC, especially useful if you’re 
   not using Jetpack or the WordPress app, the code for .htaccess is:
 *     ```wp-block-code
       # Block WordPress xmlrpc.php requests<Files xmlrpc.php>order deny,allowdeny from all</Files>
       ```
   
 * This should help prevent registration and comment spam and seems to be behaving
   as intended. Our authentication setting can also be kept on.
 * Thanks,
   Peter.
 *  Thread Starter [dzweb84](https://wordpress.org/support/users/dzweb84/)
 * (@dzweb84)
 * [1 year, 3 months ago](https://wordpress.org/support/topic/xmlrpc-php-8/#post-18279143)
 * Hi,
 * thank you very much for your help.
    -  This reply was modified 1 year, 3 months ago by [dzweb84](https://wordpress.org/support/users/dzweb84/).

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘xmlrpc.php’ is closed to new replies.

 * ![](https://ps.w.org/wordfence/assets/icon.svg?rev=2070865)
 * [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/wordfence/)
 * [Active Topics](https://wordpress.org/support/plugin/wordfence/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/)

 * 2 replies
 * 2 participants
 * Last reply from: [dzweb84](https://wordpress.org/support/users/dzweb84/)
 * Last activity: [1 year, 3 months ago](https://wordpress.org/support/topic/xmlrpc-php-8/#post-18279143)
 * Status: resolved