Disable xmlrpc.php question?? | WordPress.org

Plugin Support
wfphil

(@wfphil)

Hi @epgb101

We are unable to tell you if you or anyone else on your site needs to login via the XML-RPC interface now or in the future – it is very unlikely that you would allow members to use that.

For example, if you install the application for WordPress on a smart phone or a tablet you will see that the login page doesn’t exist – that is because the application logs you in via the XML-RPC interface and not the login page below:

example[.]com/wp-login.php

You can set our recommended brute force login attack protection rules. Instructions are in the link below. You can quickly find these options in the Brute Force Protection section on the All Options page:

https://www.wordfence.com/help/firewall/brute-force/

These rules also protect the WordPress XML-RPC interface with some useful background information below:

https://www.wordfence.com/blog/2017/01/xmlrpc-wp-login-brute-force/

Thank you – that answers it very well 🙂

 

This site will teach you how to build a WordPress website for beginners. We will cover everything from installing WordPress to adding pages, posts, and images to your site. You will learn how to customize your site with themes and plugins, as well as how to market your site online.

Buy WordPress Transfer