Question: I got mine today WordPress hoster wrote that the xmlrpc.php file in my WordPress directory would use too many resources and it would have completely overloaded the server. The script was then blocked by the hoster. My question is if I can maybe delete the script completely to solve the resource problem. Greetings, Leon!
Answer: Thank you for your question. I assume that the script was targeted by hackers on your WordPress installation. I already have about it wrote an older blog post. In principle, you can delete the PHP file, as it is only needed for WordPress to operate if, for example, you are working with the Windows Live Writer or the WordPress app (or similar) want to access your WordPress. This data exchange between the programs and your WordPress blog works via the XML-RPC interface, which in turn is generated by this file.
If the file is deleted, the [hackers-> wordpress-hackers] no longer have a point of attack and the attacks will come to nothing. For this reason, it is a good idea to remove the file when you are not using it. Of course, you can easily manage the blog via the WP-Admin without this file.
Important: It is more clever to forbid the file via an entry in the .htaccess file (see here ). With a WordPress update, WordPress puts the xmlrpc.php back into the main directory and you would have to manually eject the file. Due to the entry in the .htaccess file, it remains permanently blocked.
Jens has been running the blog since 2012. He appears as Sir Apfelot for his readers and helps them with problems of a technical nature. In his free time he drives electric unicycles, takes photos (preferably with his iPhone, of course), climbs around in the Hessian mountains or hikes with the family. His articles deal with Apple products, news from the world of drones or solutions for current bugs.