Title: xmlrpc.php and security
Last modified: August 18, 2016

---

# xmlrpc.php and security

 *  [Cyndy Otty](https://wordpress.org/support/users/ceo/)
 * (@ceo)
 * [20 years, 7 months ago](https://wordpress.org/support/topic/xmlrpcphp-and-security/)
 * (I don’t know where to put this, I’m sorry.)
 * In my error logs today a specific IP was searching ALL OVER for this file – in
   what looks to me as the assumed possible installation folders (i.e. /wordpress,/
   postnuke, /tikiwiki, /weblog, /blog, etc.).
 * I’m curious – what is this file? What does it do? (I’m sorry if this is a stupid/
   obvious question.) Should I be worried about security. I mean the file isn’t 
   exactly _hidden_ – it’s exactly where it would be expected to be when WP is installed
   in the root of a site.

Viewing 6 replies - 1 through 6 (of 6 total)

 *  [Sushubh](https://wordpress.org/support/users/sushubh/)
 * (@sushubh)
 * [20 years, 7 months ago](https://wordpress.org/support/topic/xmlrpcphp-and-security/#post-267295)
 * it is used to ping the sites which track the updates on your site if you tell
   them to… :-S
 *  Thread Starter [Cyndy Otty](https://wordpress.org/support/users/ceo/)
 * (@ceo)
 * [20 years, 7 months ago](https://wordpress.org/support/topic/xmlrpcphp-and-security/#post-267300)
 * Okie-day, but that doesn’t so much answer my “should I be worried about security”
   question.
 *  Moderator [James Huff](https://wordpress.org/support/users/macmanx/)
 * (@macmanx)
 * [20 years, 7 months ago](https://wordpress.org/support/topic/xmlrpcphp-and-security/#post-267321)
 * > Should I be worried about security?
 * No. Let the WP developers be concerned about security for you. They will release
   security updates accordingly.
 *  Thread Starter [Cyndy Otty](https://wordpress.org/support/users/ceo/)
 * (@ceo)
 * [20 years, 7 months ago](https://wordpress.org/support/topic/xmlrpcphp-and-security/#post-267323)
 * *salutes* Yessir, macmanx. 🙂
 *  [whooami](https://wordpress.org/support/users/whooami/)
 * (@whooami)
 * [20 years, 7 months ago](https://wordpress.org/support/topic/xmlrpcphp-and-security/#post-267326)
 * I beg to differ. All web site owners should be CONCERNED about security. Should
   you worry? Probably not. But a healthy concern is not a bad thing.
 * After all, I do not let the car dealership worry about scheduling oil changes
   or tire rotations for my Jeep. It’s my responsibility, not theirs.
 *  Moderator [James Huff](https://wordpress.org/support/users/macmanx/)
 * (@macmanx)
 * [20 years, 7 months ago](https://wordpress.org/support/topic/xmlrpcphp-and-security/#post-267376)
 * > I beg to differ. All web site owners should be CONCERNED about security. Should
   > you worry? Probably not. But a healthy concern is not a bad thing.
 * Good point, Whooami. Pro-active observation and response is usually a user’s 
   best defense.

Viewing 6 replies - 1 through 6 (of 6 total)

The topic ‘xmlrpc.php and security’ is closed to new replies.

## Tags

 * [xmlrpc](https://wordpress.org/support/topic-tag/xmlrpc/)

 * In: [Everything else WordPress](https://wordpress.org/support/forum/miscellaneous/)
 * 6 replies
 * 4 participants
 * Last reply from: [James Huff](https://wordpress.org/support/users/macmanx/)
 * Last activity: [20 years, 7 months ago](https://wordpress.org/support/topic/xmlrpcphp-and-security/#post-267376)
 * Status: not a support question

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics