How to disable xlm-rpc in WordPress the non bullshit guide

Tired on long lengthy annoying guides guides where you have to scroll for ages to the end find the solution to your problem?

Well this is not one of them. In short xlm-rpc is a protocol that enables you to blog from your phone and bla bla. (things you don´t need to know or want to know anyway and we won’t bore you with it.) But you don´t need any of this and after since WordPress version 6.1.1. is vulnerable to hackers exploiting and wrecking your WordPress website you should disable it all together and forever. So here is what you need to do disable How to disable xlm rpc-in WordPress:

First off you do not need a silly plugin that will bloat your website and your database. We will do it all through code and it is very easy!

First you need to take the code below and and save it in in a notepad txt document as “wp-disable-xlm-rpc.php”.

This will create something called a “mu-plugin”. If you do not have the folder in your wp-content folder, then create a folder called “mu-plugins”. Then upload and save your new mu-plugin in this folder. This will disable most of the xlm-rpc functionality so it only accepts POST commands. That is fine, not enough as we want to block it completely. 

Now in your servers www root folder (Usually called public_html), where your WordPress installation files are. Look for a file called “.htaccess” and add these lines of code:

and then save the document. You now need to test in your browser and verify that it worked.

E.g. https://mywebsite.com/xmlrpc.php

if your server responds with a 403 forbidden or 404 not found then you have succeeded! 

Congratulation, you just made your WordPress server safer from exploits of the XML RPC security hole that hackers use in an attempt to break into your server.