XML-RPC is a protocol that let you send data over HTTP. In WordPress, you can use this protocol to manipulate various things on your site including posts creating, deleting, editing… However, it is a dying technology and has high risk potential.
It is recommended for WordPress users to disable it entirely. By default, your WordPress installation has this enabled.
If you need more details about XML-RPC and its risk, this post should be sufficient.
How to disable XML-RPC without using a plugin
The good news for you is disabling XML-RPC is very simple. You only need to add one line of code. As usual, I would recommend you enter this code in your child theme. If you don’t know how to create one, I have a detailed tutorial here:
After that, paste the following code in the child theme’s functions.php file:
add_filter( 'xmlrpc_enabled', '__return_false' );
The code basically add a function to xmlrpc_enabled hook. When this hook is fired, the function
__return_false is called.
__return_false? The answer is it is a WordPress’s method to conveniently return false, which is all we need to disable XML-RPC.
Disabling XML-RPC is very simple and you should be able to do it without any problem. If you need help, please comment below. If you don’t use or don’t know what XML-RPC is, you should definitely disable it now.