
XML-RPC is a mechanism originally implemented in WordPress to publish content without needing to log in to the backend. It is also used to log in to WordPress from devices other than a desktop, or from outside the regular wp-admin interface. For example, the WordPress iOS app uses XML-RPC to log in to WordPress.

As most WordPress site administrators won’t use either of these functions, it is recommended to disable XML-RPC to prevent abuse. XML-RPC is known to be abused for brute-force user enumeration attacks. Using a single command, hackers can try hundreds of username/password combinations. The xmlrpc.php file is also used to execute DDoS attacks through the pingback feature.

The WordPress REST-API is considered to be the more convenient and secure alternative for plugins and other applications to exchange data.
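
To check whether disabling XML-RPC took effect and who is still hitting the endpoint, the web server access log can be summarized per client. The following Python script is an added example, not code from the original article or from Really Simple Plugins; it assumes Combined Log Format, and the function names, the threshold and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumes Apache/nginx Combined Log Format: ip - user [time] "METHOD path PROTO" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_xmlrpc(path):
    """True if the path targets xmlrpc.php; query string and repeated slashes are ignored."""
    clean = re.sub(r'/+', '/', path.split('?', 1)[0])
    return clean.lower().endswith('/xmlrpc.php')

def summarize(lines, threshold=3):
    """Per client IP: POSTs to xmlrpc.php, how many got a 2xx, and a volume flag.

    One request can carry many login attempts, so the POST count is a lower
    bound on attempts; the threshold (hypothetical default) should stay low.
    """
    stats = defaultdict(lambda: {"posts": 0, "served": 0})
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or not is_xmlrpc(m["path"]):
            continue
        stats[m["ip"]]["posts"] += 1
        if m["status"].startswith("2"):
            stats[m["ip"]]["served"] += 1
    return {ip: {**s, "flagged": s["posts"] >= threshold} for ip, s in stats.items()}

def still_exposed(summary):
    """Client IPs whose POSTs were answered with 2xx, i.e. XML-RPC is not blocked."""
    return sorted(ip for ip, s in summary.items() if s["served"] > 0)

# Constructed sample lines using documentation IP ranges, not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Dec/2023:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 674 "-" "-"',
    '203.0.113.7 - - [01/Dec/2023:10:00:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 674 "-" "-"',
    '203.0.113.7 - - [01/Dec/2023:10:00:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 674 "-" "-"',
    '198.51.100.20 - - [01/Dec/2023:10:05:00 +0000] "POST //xmlrpc.php?x=1 HTTP/1.1" 403 153 "-" "-"',
    '192.0.2.5 - - [01/Dec/2023:10:06:00 +0000] "GET /xmlrpc.php HTTP/1.1" 405 42 "-" "-"',
    '192.0.2.5 - - [01/Dec/2023:10:07:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3100 "-" "-"',
]

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for ip, s in sorted(report.items()):
        print(ip, s)
    print("still answered with 2xx:", still_exposed(report))
```

An empty result from `still_exposed` after the change indicates that POSTs to xmlrpc.php are no longer being served.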


Peter Tak

Security Officer at Really Simple Plugins
