#2 way hackers hack WordPress - Disable XMLRPC in WordPress

Hello...I believe that this video is not properly listed in your channel...

Hi, It's okey to disable from the .htaccess and with plugin too, is doble effective of it doesn't matter.

Hey Bjorn. Why is your video unlisted? Anyway, I took a look at my logs and found out that most of the attacks are xmlrpc based on one of my websites. Over 560 log reports and majority is xmlrpc related. After switching my log in page and getting blackhole for bad bots as stated in your other video. I then shut them down using this method. Already i can say that with the hiding of the log in page I've seen a decrease in login attempts. Will give feedback after getting enough data on disabling the xlmrpc file. Thanks again for the video

I got a notification now 😮😢why?

Early in the video I saw you had Wordfence. Why did you edit the htaccess file to disable xmlrpc instead of just choosing the setting in Wordfence to disable it?

For those who would rather do this via their child themes functions.php:

remove_action ('wp_head', 'rsd_link');
add_filter('xmlrpc_enabled', '__return_false');

Thanks for your video!

Thanks for this

Outstanding and excellent educational video Bjorn. All of your tutorial videos are truly outstanding.

where is that code to disable xml rpc? I checked all comments, didn't find.

hi, need your help -- I added this code in htaccess.. nd it says "forbidden to access htaccess"

# BEGIN Disable XML-RPC.PHP

<Files xmlrpc.php>
Order Deny,Allow
Deny from all
</Files>
# END Disable XML-RPC.PHP