Disable WordPress XMLRPC.PHP - Common Brute Force Hacker Exploit | WP Learning Lab

Thank you!

just delete xmlrpc.php, problem solved

What if we're using nginx server? The code would still work or we have to write other line of codes according to the server selection?

Most of the wordpress site you run this on, when scan with OWASP ZAP scanner it still show xml-rpc vulnerability. WHY?

I tried the method of htacess and that of including a filter in functions.php of the theme and the plug-in that disable xmlrpc nothing is working!! Every time i put website_address/xmlrpc.php I get the message “XML-RPC server accepts POST requests only” why nothing is taking effect. Even I installed wordfence.

Very good. Thank you.

Dear you have amazing skills and i learn alot from your videos, can you please make a video on "WP Cerber Security" thanks

I just blocked it using Wordfence

nginx tutorial please

How do i enable it for jetpack publicize?

I tried this code but it stops my login to wordpress

i can u help me... this is my wp site darkanimes. com and this one is clone 24pinbahis. com and there are alot of clones in google.. i tried to desable xmlprc but nothing... can u help me

Can I just delete the file?

Does it make a difference in which directory the htaccess files exists? Mine is not in the root directory where your is but in local host. Should I move it?

Thank you! Super easy fix. Way better than banning IP's or hosts trying to hack.

Hi I wanted to know if this will work for my issue.
Some people can access my website, some people can't and it comes up with the message post request message.
If I do this, will it work? I've only just launched my business and this is driving me crazy!

Great video... I have a slightly different problem. When I access my website with www it loads fine but when I use the version without www I get an error that says : XML-RPC server accepts POST requests only.

Any idea how to fix this? I have searched for hours but I can't find a solution

So many Russian bot attacks me.

should I delete the XMLRPC.PHP file?

it does helped me today, and I subscribed immediately and turned on the post notification, I never knew my ass was on fire since until today I saw the xml-rpc.php in my source code and tested it and it was left on, I forgot to get rid of it when I install SEO plugin.

the coding dosent work man it gives an error in the server !!!

You are Just awesome... You are helping so many novice WordPress user's like myself to protect their site from hacker.Thank you Sir and Respect.

My site is down and it's showing this error "The server encountered an internal error or misconfiguration and was unable to complete your request."

i don't need to Disable Word Press XMLRPC.PHP....i just delete XMLRPC.PHP file from word press simple

On WP 4.5+ this file is called xmlrpc.php. At least that's what it is on my installs.

Have a important question :

Previosly, i have added "Wp config.php " code , into htaccess file ,
do we have to post it right below the previous codes ? or new htaccess file ?

Hello, when I insert the code in my .htaccess 500 error appears on my website. you can tell why? thank you

So does this work or not? How can I test if its working correctly? I've done exactly as you've instructed in this video.. however I'm concerned others in your comment section are saying it doesn't work.

Hi i find your tutorial very useful for my studies but i need more help on a php file can you help me?

Didn't work. The hacker does still go to the url (/xmlrpc.php) like 10 times a sec.

Cool!  Thanks!