By enabling the Privacy Hardening feature in Admin Safety Guard, you can toggle XML-RPC on or off with a single click, helping tighten security where remote access isn’t needed.
XML-RPC is a WordPress feature that allows remote access and communication between your site and external applications (like mobile apps and publishing tools) using structured XML calls. While useful for integrations, it’s also known to be a common target for brute-force and DDoS attacks if left exposed.
Benefits of Disabling XML-RPC:
- Prevents unauthorized remote login attempts
- Blocks common brute-force and pingback exploits
- Reduces attack surface area for improved backend safety
- Helps sites not using mobile apps or external editors stay lean and secure
This is how the feature works:
Disable XML-RPC
You can simply disable the XML-RPC to enhance the security of your site.
- Log in to your dashboard and go to Admin Safety Guard > Privacy Hardening.
- Then click the button beside the Disable XML-RPC.
- Lastly, click the Save Settings button
