How to disable xmlrpc.php via .htaccess

Oftentimes, malicious traffic is created by rapidly accessing a xmlrpc.php file, creating a high server load, or causing limits to be reached on the server. Configuring a .htaccess file to disable xmlrpc in a cPanel account can provide better security.

Procedure

  1. Log in to the affected cPanel account.
  2. Go to “Home / Files / File Manager”.
  3. Access public_html (or your website content’s document root).
  4. Create a new file named .htaccess or edit the existing file.
  5. Paste the following code into the file:
    # Block WordPress xmlrpc.php requests
    <Files xmlrpc.php>
    Require ip xxx.xxx.xxx.xxx
    Require all denied
    </Files>

You may also like