How to secure or disable the RSS feeds?

As pointed out in the comments by @kaiser, your question is very similar to this question. In fact, the question itself holds the answer. To disable all feeds add the following code…

function itsme_disable_feed() {
    wp_die( __( 'No feed available, please visit the <a href="'. esc_url( home_url( "https://wordpress.stackexchange.com/" ) ) .'">homepage</a>!' ) );
}

add_action('do_feed', 'itsme_disable_feed', 1);
add_action('do_feed_rdf', 'itsme_disable_feed', 1);
add_action('do_feed_rss', 'itsme_disable_feed', 1);
add_action('do_feed_rss2', 'itsme_disable_feed', 1);
add_action('do_feed_atom', 'itsme_disable_feed', 1);
add_action('do_feed_rss2_comments', 'itsme_disable_feed', 1);
add_action('do_feed_atom_comments', 'itsme_disable_feed', 1);

…to an empty plugin, and activate that plugin. This should prevent anyone from accessing a feed action.

Note that the above is sample code only, preferably you’d not wp_die but redirect or use a 404 instead.

Related Posts:

  1. Password-protect feed and make it usable in major aggregators
  2. Full path disclosure on rss-functions.php
  3. How do I authenticate WP users from a chrome extension?
  4. Best Way to Enable Two Step Authentication
  5. Restricting access to content
  6. Single sign-on: wp_authenticate_user vs wp_authenticate
  7. How does the “authentication unique keys and salts” feature work?
  8. Auth cookie value security risk?
  9. Uploading attachment (pdf) and prevent download for anonymous user
  10. Why is SSH password authentication a security risk?
  11. What is the difference between a cer, pvk, and pfx file?
  12. Why should I use the esc_url?
  13. Why escape if the_content isnt?
  14. What to use instead of wp_kses() in user output
  15. Are the default salts secure?
  16. is_email() VS sanitize_email()
  17. Understanding SVG vulnerabilities in WordPress related to a specific fix
  18. Moving wp-config.php: Can this be done after site launch?
  19. Why does Simplepie return feed items in a wrong order?
  20. Make password invalid once logged out of password-protected page
  21. What is the wp-includes/certificates/ca-bundle.crt used for?
  22. How to flush feed? Or set timeout on feed so that it isn’t cached?
  23. Change the link URL in default RSS feeds
  24. Protecting HTML5 video [closed]
  25. placement of wp_error with fetch_feed
  26. How can I find security hole in my wordpress site?
  27. Does WP show me if I’m logged in from multiple locations?
  28. WordPress Permalinks %postname% for RSS2 Feed URL
  29. Do I need to use the esc_html() function on hard coded links?
  30. Display the first image from a post in RSS feed
  31. WordPress Malware Problem help! [duplicate]
  32. Why can’t I add this feed to the RSS widget?
  33. Frontend Password change
  34. Downloading File from Outside Web Root
  35. Using esc_html with HTML purifier and CSSTidy: Overkill?
  36. wordfence scan warning on W3 Total Cache [closed]
  37. Remove specific page/post from feed
  38. Delaying One RSS Feed in WordPress but Not the Others?
  39. site get login attempts after htaccess ip restriction
  40. Is it good security advice to install wordpress in subdirectory but link to root?
  41. Show ‘Read more’ in rss feed
  42. Moving wp-config.php up 2 levels
  43. How Could I sanitize the receive data from this code
  44. WordPress SQL Injections through User Agent
  45. How to save iframe tag into a post?
  46. How to prevent wp-login brute force attack from thousand of different IP? [duplicate]
  47. What permissions should I give directories if I want to make WordPress more secure?
  48. How to protect wp-admin through .htaccess?
  49. Something is unescaping all html entities before output to browser [closed]
  50. What’s a good RSS Importer?
  51. What is best way to prevent access to Custom Post Types unless authenticated when the post type has an archive and is publicly queryable?
  52. Custom Feed URLs
  53. Limit Login Attempts BEFORE PHP is executed?
  54. Safe to say WordPress security releases don’t have database upgrades
  55. fail2ban to prevent Brute Force Attacks on WordPress?
  56. How to give the same error message when the wrong password or wrong username is used?
  57. Get Link to Feed On Term or Taxonomy
  58. Unable to display favicon using get_favicon()?
  59. Creating separate feeds for custom post types
  60. Passing feed URLs with “&” to fetch_feed()?
  61. Empty RSS Feeds
  62. Which plugin can do horizontal scrolling of RSS feeds in WordPress [closed]
  63. How replace individual elements in the RSS feed with a single string
  64. How to fetch custom post types with its full data on wordpress?
  65. Where is the php file, that does the checks for login information?
  66. How might I sanitize an XML file before WP Import? (Does wordpress verify or clean text when importing from an XML document? )
  67. Problem with articles feed: XML Parsing Error: XML or text declaration not at start of entity
  68. How to change permalink on headlines in rss feeds?
  69. WordPress won’t let me use a page slug of ‘feed’
  70. Secure Server after configuration
  71. My WordPress installation isn’t updating the feed when a new post is published
  72. How to fetch common posts from two feeds?
  73. WordPress create custom XML RSS feed template
  74. After limiting the access to my wp-login.php by IP through .htaccess, all my password-protected posts stopped working. What’s the best solution now?
  75. How to get a list of articles related to a particular category from my other WordPress website?
  76. How to regenerate RSS feed URL like FeedBurner?
  77. On my WordPress 5.4 website, how to remove all feeds? Including Category and Tags
  78. Specific Page/Post Need to Stay Non SSL
  79. Block JSON access over the net
  80. Can someone do something to my website if I posted a snapped image of the header and covered my logo? (On reddit, when explaining a question)
  81. The in-famous Unable to locate WordPress Content directory (wp-content) and the Direct Method
  82. Security: AWS (shared hosting) claims template file malicious
  83. RSS feed has stopped updating
  84. How to check whether a site has been compromised without browsing into it?
  85. WordPress feed only shows first page of category
  86. My site thinks it’s secure when it is fact not
  87. Is it possible to only have the admin interface bind to the local loopback?
  88. WordPress 4.0 beta – how to change the link URL in RSS feeds
  89. Error on Rss Feed for my blog
  90. RSS Feed Broken – Limit?
  91. RSS feed url showing page not found. How to solve it?
  92. RSS2 Feed with two CDATA sections
  93. How to remove certain feed from my dashboard in WP admin
  94. How to add the Author on my RSS Feed
  95. Feed RSS problem on WordPress, need it for Google News
  96. Default installation permissions for wp-config.php
  97. Correct setup to block file modifications from hackers
  98. SSH keypair generation: RSA or DSA?
  99. How do I protect my company from my IT guy? [closed]
  100. Does changing default port number actually increase security? [closed]

Leave a Comment