How To Disable XMLRPC Without Using Plugin



XML-RPC is a protocol that let you send data over HTTP. In WordPress, you can use this protocol to manipulate various things on your site including posts creating, deleting, editing… However, it is a dying technology and has high risk potential.

It is recommended for WordPress users to disable it entirely. By default, your WordPress installation has this enabled.

If you need more details about XML-RPC and its risk, this post should be sufficient.

How to disable XML-RPC without using a plugin

The good news for you is disabling XML-RPC is very simple. You only need to add one line of code. As usual, I would recommend you enter this code in your child theme. If you don’t know how to create one, I have a detailed tutorial here:

Picture Guide To Create Child Themes In WordPress Step By Step

After that, paste the following code in the child theme’s functions.php file:

add_filter( 'xmlrpc_enabled', '__return_false' );

The code basically add a function to xmlrpc_enabled hook. When this hook is fired, the function __return_false is called.

If you know a bit a PHP, you may wonder, where is the implementation of the function __return_false? The answer is it is a WordPress’s method to conveniently return false, which is all we need to disable XML-RPC.


Disabling XML-RPC is very simple and you should be able to do it without any problem. If you need help, please comment below. If you don’t use or don’t know what XML-RPC is, you should definitely disable it now.

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this post.

Leave a Reply

Your email address will not be published. Required fields are marked *