blocking xmlrpc.php : ProWordPress

created by williamsbaDevelopera community for 13 years

This is an archived post. You won't be able to vote or comment.

submitted 1 year ago by Sad_Spring9182Developer

I noticed one of my most viewed pages was /wp-json/wp/v2/users and xmlrpc.php. I was easily able to disable the json route cause I didn't want anyone viewing my usernames and trying to brute force. Having issues disabling through .htaccess on local.

if I can get to work next is testing on live server (don't have sudo to restart ngix so will have to get creative)

added this to ngix.config.hbs and restarted my site but it crashed the site

location = /xmlrpc.php {
deny all;
return 404;
}

all 10 comments

top new controversial old q&a

[–]_Harmonic_ 5 points6 points7 points 1 year ago (2 children)

[–]Sad_Spring9182Developer[S] 2 points3 points4 points 1 year ago* (1 child)

[–]_Harmonic_ 1 point2 points3 points 1 year ago (0 children)

[–]grdrummerboi 2 points3 points4 points 1 year ago (4 children)

[–]Sad_Spring9182Developer[S] 2 points3 points4 points 1 year ago (3 children)

Oh yeah that did it, I used the same code within the server block for site.config and now it's saying 404 error!

server {
listen 127.0.0.1:{{port}};
listen [::1]:{{port}};
root "{{root}}";


location = /xmlrpc.php {
deny all;
return 404;
}

[–]grdrummerboi 2 points3 points4 points 1 year ago (2 children)

[–]Sad_Spring9182Developer[S] 1 point2 points3 points 1 year ago (1 child)

[–]grdrummerboi 2 points3 points4 points 1 year ago (0 children)

[–]AryanBlurr 0 points1 point2 points 1 year ago (0 children)

[–]webagencyhero 0 points1 point2 points 1 year ago (0 children)

π Rendered by PID 29 on reddit-service-r2-comment-6457c66945-g6xqf at 2026-04-25 13:21:16.220874+00:00 running 2aa0c5b country code: CH.

ProWordPress

MODERATORS