admin管理员组

文章数量:1130349

I have never used XMLRPC for any activity for my WordPress sites and also not going to do so.

There are many articles on disabling XMLRPC on your site for additional security. In the use case scenario that I discussed when if that service is not required, why to disbale it or make it more secure ? I just wish to simply delete the xmlrpc.php. Will it cause any errors if I delete it ?

I have never used XMLRPC for any activity for my WordPress sites and also not going to do so.

There are many articles on disabling XMLRPC on your site for additional security. In the use case scenario that I discussed when if that service is not required, why to disbale it or make it more secure ? I just wish to simply delete the xmlrpc.php. Will it cause any errors if I delete it ?

  • xml-rpc
Share Improve this question asked Nov 2, 2018 at 5:40 Rajesh KakkadRajesh Kakkad 512 silver badges8 bronze badges 2
  • 2 Don't delete the file. It will just come back whenever WordPress updates. If you want to disable its functionality there are plenty of plugins that do that. – Jacob Peattie Commented Nov 2, 2018 at 6:05
  • @JacobPeattie You are right about file coming back with update. I overlooked that possibility. Thanks. – Rajesh Kakkad Commented Nov 2, 2018 at 6:17
Add a comment  | 

2 Answers 2

Reset to default 4

You shouldn't delete that file - it will be restored after update - so deleting it makes no sense (and it shouldn't be treated as security fix).

You can disable XMLRPC using filter:

add_filter('xmlrpc_enabled', '__return_false');

And even block access to that file. Below code for Apache (sandrodz showed code for nginx):

<Files xmlrpc.php>
    Order deny,allow
    Deny from all
</Files>

As mentioned in comments, if you delete the file, updating WP will bring it back.

It is best to block it at server level. In nginx I do following:

# Disable xmlrpc.php it is being abused by script kiddies
location ~ xmlrpc.php {
    deny all;
    access_log off;
    log_not_found off;
    return 444;
}

I have never used XMLRPC for any activity for my WordPress sites and also not going to do so.

There are many articles on disabling XMLRPC on your site for additional security. In the use case scenario that I discussed when if that service is not required, why to disbale it or make it more secure ? I just wish to simply delete the xmlrpc.php. Will it cause any errors if I delete it ?

I have never used XMLRPC for any activity for my WordPress sites and also not going to do so.

There are many articles on disabling XMLRPC on your site for additional security. In the use case scenario that I discussed when if that service is not required, why to disbale it or make it more secure ? I just wish to simply delete the xmlrpc.php. Will it cause any errors if I delete it ?

  • xml-rpc
Share Improve this question asked Nov 2, 2018 at 5:40 Rajesh KakkadRajesh Kakkad 512 silver badges8 bronze badges 2
  • 2 Don't delete the file. It will just come back whenever WordPress updates. If you want to disable its functionality there are plenty of plugins that do that. – Jacob Peattie Commented Nov 2, 2018 at 6:05
  • @JacobPeattie You are right about file coming back with update. I overlooked that possibility. Thanks. – Rajesh Kakkad Commented Nov 2, 2018 at 6:17
Add a comment  | 

2 Answers 2

Reset to default 4

You shouldn't delete that file - it will be restored after update - so deleting it makes no sense (and it shouldn't be treated as security fix).

You can disable XMLRPC using filter:

add_filter('xmlrpc_enabled', '__return_false');

And even block access to that file. Below code for Apache (sandrodz showed code for nginx):

<Files xmlrpc.php>
    Order deny,allow
    Deny from all
</Files>

As mentioned in comments, if you delete the file, updating WP will bring it back.

It is best to block it at server level. In nginx I do following:

# Disable xmlrpc.php it is being abused by script kiddies
location ~ xmlrpc.php {
    deny all;
    access_log off;
    log_not_found off;
    return 444;
}

本文标签: xml rpcSimply deleting XMLRPC file

版权声明:本文标题:xml rpc - Simply deleting XMLRPC file 内容由热心网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:https://it.en369.cn/questions/1749211755a2333480.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。