xml rpc - Simply deleting XMLRPC file

admin2025-06-06 0

I have never used XMLRPC for any activity for my WordPress sites and also not going to do so.

There are many articles on disabling XMLRPC on your site for additional security. In the use case scenario that I discussed when if that service is not required, why to disbale it or make it more secure ? I just wish to simply delete the xmlrpc.php. Will it cause any errors if I delete it ?

I have never used XMLRPC for any activity for my WordPress sites and also not going to do so.

Share Improve this question asked Nov 2, 2018 at 5:40 Rajesh Kakkad 512 silver badges8 bronze badges

2 Don't delete the file. It will just come back whenever WordPress updates. If you want to disable its functionality there are plenty of plugins that do that. – Jacob Peattie Commented Nov 2, 2018 at 6:05
@JacobPeattie You are right about file coming back with update. I overlooked that possibility. Thanks. – Rajesh Kakkad Commented Nov 2, 2018 at 6:17

Add a comment |

2 Answers 2

Sorted by: Reset to default 4

You shouldn't delete that file - it will be restored after update - so deleting it makes no sense (and it shouldn't be treated as security fix).

You can disable XMLRPC using filter:

add_filter('xmlrpc_enabled', '__return_false');

And even block access to that file. Below code for Apache (sandrodz showed code for nginx):

<Files xmlrpc.php>
    Order deny,allow
    Deny from all
</Files>

As mentioned in comments, if you delete the file, updating WP will bring it back.

It is best to block it at server level. In nginx I do following:

# Disable xmlrpc.php it is being abused by script kiddies
location ~ xmlrpc.php {
    deny all;
    access_log off;
    log_not_found off;
    return 444;
}

转载请注明原文地址:http://conceptsofalgorithm.com/Algorithm/1749211784a317298.html

xml rpcSimply deleting XMLRPC file

最新回复(0)