Restrict access to xmlrpc.php

There are plugins for that: e.g. http://wordpress.org/plugins/disable-xml-rpc/

You can also write a filter yourself 

add_filter('xmlrpc_enabled', '__return_false');

You can simply add this code your theme functions.php (located in wp-content/themes/your_theme).

However, you are advised to create a child theme (http://codex.wordpress.org/Theme_Development) so that your modification does not disappear when you update the theme.

Alternatively, you can create your plugin (http://codex.wordpress.org/Writing_a_Plugin) where you will put all your WordPress tweaking.

I also add the following for a better protection:

/**
 * Secure WordPress by removing version
 */
remove_action('wp_head', 'wp_generator');


/**
 * Secure WordPress by hiding login errors
 */
function hide_login_errors($errors) { return 'login error'; }
add_filter('login_errors', 'hide_login_errors', 10, 1);

Related Posts:

  1. WordPress as XML-RPC client?
  2. How to enable wpautop for XMLRPC content
  3. Extending xml rpc – best practice
  4. How do I know if my site is using the xmlrpc.php file?
  5. XML-RPC: Add category to post data
  6. How Enable XML-RPC in WP 4.8.2
  7. XMLRPC and Underscored custom fields
  8. Creating post content from external web scraper via JSON or RPC
  9. wp.getUsers XML-RPC method is returning only 50 users, how can i get all the users
  10. xmlrpc.php Returning 405 Response Code
  11. Simply deleting XMLRPC file
  12. Storing an XML Response (Transient)?
  13. Problem with Create Post using metaWeblog.newPost or wp_insert_post
  14. Is it possible to change a blog’s theme through XML-RPC command? (and if so how?)
  15. How pull wordpress blog data using Blogger API using python
  16. Create a new post in wordpress with XML-RPC with the correct GUID?
  17. Working code example of PHP XML-RPC connex to site?
  18. Automated posting to wordpress from commandline or XMLRPC API on Dreamhost
  19. Posting via HTTP requests?
  20. Why is minimum_args protected?
  21. Multiple new posts using XML-RPC?
  22. Is it possible write, publish and edit posts with WordPress from console aka terminal?
  23. How to enable xmlrpc in WordPress 5?
  24. modify post meta data remotely without xmlrpc
  25. XMLRPC newPost post_content issue
  26. Can XMLRPC set show_on_front/page_on_front?
  27. Send an extra parameter with xml-rpc login?
  28. Is there any image size limit for wordpress xml-rpc?
  29. XML-RPC and $wpdb
  30. XMLRPC won’t connect?
  31. wp.setOptions of the XML-RPC API does not appear to work
  32. How to list updates using WordPress XML-RPC methods
  33. Is XML-RPC still a security risk?
  34. Get Post meta via XML-RPC using wp.getPost
  35. How to process shortcodes in XML-RPC
  36. “XML-RPC server accepts POST requests only” error message
  37. New post created with XML-RPC works fine but fails to assign category
  38. Tagging posts to custom taxonomies using XMLRPC in R
  39. Getting all posts from an XMLRPC request [duplicate]
  40. not well-formed (invalid token) at line 15, column 51, byte 720 when trying to parse XMLRPC call
  41. XML-RPC aplication blocked by the hosting
  42. Weblog clients cannot retrieve posts: An invalid hexadecimal character (0x7) was found in the element content of the document
  43. Using XML RPC to import data into WordPress
  44. Page content sent from XML RPC is corrupted
  45. metaWeblog.getRecentPosts is returning nothing in my iphone app
  46. tag is ignored when using xml-rpc
  47. How to read newpost return post ID value as integer for xmlrpc
  48. Enabling XML-RPC Accross 500 blogs
  49. Retrieve username and password from XMLRPC request
  50. WordPress site hacked. Has .htaccess been hacked?
  51. How to validate XML-RPC post creation and cancel when needed?
  52. Is there a way to get protected meta fields through any of the available built-in WordPress APIs? (xmlrpc, wp-json)
  53. xmlrpc_enabled filter not called
  54. Disable links in header (feeds and such)
  55. How to get all posts (in chunks) via XML-RPC?
  56. get total number of images from media using xml-rpc
  57. How can I find security hole in my wordpress site?
  58. How do i disable/disallow and tags in TinyMCE?
  59. wordpress inserting posts programatically through a url
  60. Hacked WordPress website, as notified by Google Search Console, what to do? [closed]
  61. Is it possible to post with Word 2007 via XML-RPC and limit categories by user?
  62. Block only external access to wp-cron.php on OpenLiteSpeed
  63. Unfamiliar query string in Google Search Console URL not found
  64. wp-config.php modified?
  65. WordPress can’t find IXR_Client
  66. How to prevent wp-login brute force attack from thousand of different IP? [duplicate]
  67. Files automatically added
  68. XML-RPC and post_date
  69. How To Clean The Malware Infected & Hacked WordPress Websites? [duplicate]
  70. getting casino links on my woocommerce site [closed]
  71. Getting trackpacks/pingbacks for a post via wordpress?
  72. wp-admin folder removed by hacker [closed]
  73. How do I programmatically create new posts of a custom post type over the XML-RPC API?
  74. How to edit feature image with XML RPC?
  75. How to fight this wp-info.php exploit? [closed]
  76. What can I do when an outside party hacks into my weblog and changes my display name?
  77. Server hacked: correct contents of wp-uploads directory? [closed]
  78. Website show Google Ads when we have no Google Ads linked to our website
  79. How do I disable XML-RPC in WordPress Multisite?
  80. How To Post WordPress Custom Post Types to Twitter via IFTTT
  81. Spam pages hack? [closed]
  82. Cannot save underscore custom fields in one wordpress installation using xmlrpc and underscores
  83. Can’t access htaccess [closed]
  84. Site blocked by WebSense on fresh WP Install
  85. WordPress disable direct access of files in WordPress installation path
  86. Is this a hack? WordPress Usernames of every website we have changed into one single name automatically?
  87. Avoid duplicate posts with xml rpc
  88. Should I prevent access to .htaccess and wp-config.php files?
  89. how can i find malware code and remove from wordpress site to stop it redirecting to hackers click view pages
  90. Have I been hacked – getting new site setup email for 8 localhost wordpress sites
  91. Replacing nav-menus.php file with standard clean one?
  92. looking for indoxploit hack solution [closed]
  93. Some code is added automatically to my site’s header – what is it?
  94. Hacked site using transient API?
  95. How can hackers access WP usernames? [duplicate]
  96. XML RPC -> Create User
  97. Custom category for posts via XMLRPC
  98. WordPress installer attack
  99. Clean/filter HTML inserted to post content by XML RPC
  100. Is my WP site being hacked?