Disable WordPress XMLRPC.PHP - Common Brute Force Hacker Exploit | WP Learning Lab

Cool!  Thanks!

Didn't work. The hacker does still go to the url (/xmlrpc.php) like 10 times a sec.

Hi i find your tutorial very useful for my studies but i need more help on a php file can you help me?

So does this work or not? How can I test if its working correctly? I've done exactly as you've instructed in this video.. however I'm concerned others in your comment section are saying it doesn't work.

Hello, when I insert the code in my .htaccess 500 error appears on my website. you can tell why? thank you

Have a important question :

Previosly, i have added "Wp config.php " code , into htaccess file ,
do we have to post it right below the previous codes ? or new htaccess file ?

On WP 4.5+ this file is called xmlrpc.php. At least that's what it is on my installs.

i don't need to Disable Word Press XMLRPC.PHP....i just delete XMLRPC.PHP file from word press simple

My site is down and it's showing this error "The server encountered an internal error or misconfiguration and was unable to complete your request."

You are Just awesome... You are helping so many novice WordPress user's like myself to protect their site from hacker.Thank you Sir and Respect.

the coding dosent work man it gives an error in the server !!!

it does helped me today, and I subscribed immediately and turned on the post notification, I never knew my ass was on fire since until today I saw the xml-rpc.php in my source code and tested it and it was left on, I forgot to get rid of it when I install SEO plugin.

should I delete the XMLRPC.PHP file?

So many Russian bot attacks me.

Great video... I have a slightly different problem. When I access my website with www it loads fine but when I use the version without www I get an error that says : XML-RPC server accepts POST requests only.

Any idea how to fix this? I have searched for hours but I can't find a solution

Hi I wanted to know if this will work for my issue.
Some people can access my website, some people can't and it comes up with the message post request message.
If I do this, will it work? I've only just launched my business and this is driving me crazy!

Thank you! Super easy fix. Way better than banning IP's or hosts trying to hack.

Does it make a difference in which directory the htaccess files exists? Mine is not in the root directory where your is but in local host. Should I move it?

Can I just delete the file?

i can u help me... this is my wp site darkanimes. com and this one is clone 24pinbahis. com and there are alot of clones in google.. i tried to desable xmlprc but nothing... can u help me

I tried this code but it stops my login to wordpress

How do i enable it for jetpack publicize?

nginx tutorial please

I just blocked it using Wordfence

Dear you have amazing skills and i learn alot from your videos, can you please make a video on "WP Cerber Security" thanks

Very good. Thank you.

I tried the method of htacess and that of including a filter in functions.php of the theme and the plug-in that disable xmlrpc nothing is working!! Every time i put website_address/xmlrpc.php I get the message “XML-RPC server accepts POST requests only” why nothing is taking effect. Even I installed wordfence.

Most of the wordpress site you run this on, when scan with OWASP ZAP scanner it still show xml-rpc vulnerability. WHY?

What if we're using nginx server? The code would still work or we have to write other line of codes according to the server selection?

just delete xmlrpc.php, problem solved

Thank you!