The Support Forums will be in read-only mode for a scheduled maintenance window on 01 September 2016 14:00 UTC - 20:00 UTC. More information.

xmlrpc.php file necessary? Getting hacked - can I remove the file? (3 posts)

  1. gariben
    Posted 7 years ago #

    Is xmlrpc.php file a resource for hackers? Can I remove the file? I don't update the blog via external sources. What other files can I delete that will stop hackers?


    I run multiple wordpress sites and the sites are keep getting hacked. Sites are usually created and left alone as they are just informational sites. (I do upgrade to the most stable WordPress version)

  2. Len
    Posted 7 years ago #

    Can I remove the file?

    Yes. You can safely delete it. But - assuming your are using the latest version of WordPress, and you should - you don't really need to. As of 2.6 you can deactivate XML-RPC from within your Dashboard. Settings -> Writing and scroll down to Remote Publishing where you will see a checkbox to activate/deactivate remote publishing. (Enable the WordPress, Movable Type, MetaWeblog and Blogger XML-RPC publishing protocols.)

    If you're constantly getting hacked make sure you're using the latest version of WP. Have you checked your plugins? Perhaps you're using an outdated/vulnerable one? You may want to read Hardening WordPress.

  3. whooami
    Posted 7 years ago #


    you wrote:

    I already have /wp-db-backup plugin installed but want to backup images and other files just in case of HDD failure or system hacks.



    you wrote, in reply to someone else being hacked:

    I'm having the same problem.

    The above thread is 2 months old - You were never un-hacked properly.

Topic Closed

This topic has been closed to new replies.

About this Topic