Additionally to using htaccess, you can disable the XML-RPC function by adding the following to your child theme’s functions.php:
# Set XML-RPC features to false
add_filter( 'xmlrpc_enabled', '__return_false' );
add_filter( 'pre_option_enable_xmlrpc', '__return_zero' );
Related Posts:
- Blocking access to wp-login via htaccess not working
- XMLRPC filtering through htaccess not working
- Basic Auth .htaccess on wp-login, but allow logout from woocommerce
- Improve wordpress security by hiding non public resources
- Does this .htaccess security setting really work?
- Change Login URL Without Plugin
- File and directory permissions
- adding rewrite rules in .htaccess
- Using “wordpress_logged_in” to restrict direct access to uploads folder in 2021
- WordPress URL/Folder ReWrite using Htaccess
- Which WordPress scripts need to be executable for a fresh installation?
- Block only external access to wp-cron.php on OpenLiteSpeed
- Restricting user login by IP address
- WordPress: Adding Security
- How do I test to ensure that my wp-config file is protected?
- WordPress not seeing .htaccess rules
- Rules in .htaccess only if the requested URL is /wp-admin
- Disable directory browsing of uploads folder
- Strange behaviour of is_user_logged_in() and get_current_user_id()
- Selectively Disabling PHP via .htaccess in Root Directory
- Azure WordPress deny access to xmlrpc
- Should I prevent access to .htaccess and wp-config.php files?
- Blocking wp-login in HTACCESS has also blocked password protected pages
- Using htaccess to prevent spam through wp-comments-post.php
- How can I create a private site that is inaccessible from the outside?
- Restrict Content for only Contributors via .htaccess
- Allowing access to certain WordPress created pages or posts with htaccess / htpasswd
- Why is this line of code Wrong in every WordPress .Htaccess security article?
- When accessing a wordpress blog, I want to force http when accessing wordpress via xmlrpc otherwise force https
- WordPress site hacked. Has .htaccess been hacked?
- Brute force attack?
- .htaccess and 500 error, extra character added
- Place static HTML files in path below WordPress page
- htaccess rewrite for author query string when WP is in subfolder
- Why “Settings->Permalinks” creates .htaccess file on nginx server?
- .htaccess for wordpress inside another wordpress install
- Rewrite /?rest_route=/ link to /wp-json/ without changing default permalink structure in apache
- Globally force SSL on all pages
- Correct htaccess to display page while also passing in GET parameters
- Block access to wp-admin
- How have I misconfigured basic auth for my wordpress site?
- Remove File Extension for Page Outside of WordPress
- WordPress trims off the forward slash when import
- WordPress best solution shared theme for consumers and businesses (two url’s one instaltion)
- Redirect main domain to subdirectory
- Remove special characters in a URL
- different child theme for subdomain
- How do I edit the htaccess file to optimize my website?
- Is it possible to post with Word 2007 via XML-RPC and limit categories by user?
- Should I add the IP of the server that hosts my sites to the list of authorized IPs in the wp-admin/.htaccess?
- FORCE_SSL_ADMIN not working
- Site searches by Python for non-existent assets
- WordPress On subfolder
- Override htacces rule only for specific directory
- How To Allow Only Specific User Agent To Access a URL?
- How to ignore folder in site root while accessing a URL
- How can I enable keep alive (Not accessing to Apache)
- HTTP sitewide, except for: wp-admin, and 2 custom directories
- WordPress installed in root, need second in subdirectory with different domain
- htaccess has broken my site
- TimThumb & htaccess : clean url
- Only Allow Front End Access
- .htacess rewrite condition: page to seconddomain/page
- .htaccess RewriteCond excluding directories does not work when there is an .htaccess or php.ini in subdirectory
- WordPress .htaccess file gives issues with subdirectory
- W3 Total Cache CSS & JS files GZip issues [closed]
- WP Super Cache unable to locate cache file for only the homepage
- Cannot login to WordPress site after changing .htaccess for security purposes
- WordPress permalink, stop redirection
- add_rewrite_rule to remove /category/ from permalink
- Is wp_login_form secure on a non secure page?
- .htaccess Non-‘www’ to ‘www’ Subdomain Redirection Only Works for Homepage
- Non WordPress Folder in a WordPress Site
- Htaccess rewrite based on query string, not working [closed]
- Redirect all subdomains to root domain
- Where is the php file, that does the checks for login information?
- Change root directory
- How to execute WordPress as though it is in the root folder while it is installed in a subdirectory?
- Htaccess maintenance page rules that actually work with WordPress?
- How to allow only vpn access to dashboard on Bitnami WordPress by IP address restricting
- After limiting the access to my wp-login.php by IP through .htaccess, all my password-protected posts stopped working. What’s the best solution now?
- htaccess redirect to path
- Non-wordpress subdomain on Multisite Installation
- Unable leverage Browser Caching on AWS Bitnami stack (Apache) through W3TC and Cloudfront CDN
- Rewrite rules and maintain URL
- Subfolder renaming
- Targeting .htaccess file with file_put_contents
- Redirect Loop in Regex Moving to HTTPS
- .htaccess file changes disappear
- WordPress login bug. Need an emergency solution
- .htaccess and virtual host configuration for WP in its own directory
- Hide wp-login.php but not the widget
- 403 forbidden due to .htaccess?
- How to rename the WordPress wp-login.php running on IIS6?
- Where is the htaccess in wordpress.com hosting?
- Debug errors for “Destination directory for file streaming does not exist or is not writable”
- How To Add CSP frame ancestors in WordPress Website? [closed]
- How do I modify each instance of setcookie?
- How to I serve the static HTML file at the root directory in a wordpress site?
- What’s the point of the default .htaccess?