Can you delete the xmlrpc.php from the WordPress directory?

Wordpress
Wordpress

WordPress file xmlrpc.php is not essential.

Question: I got mine today WordPress hoster wrote that the xmlrpc.php file in my WordPress directory would use too many resources and it would have completely overloaded the server. The script was then blocked by the hoster. My question is if I can maybe delete the script completely to solve the resource problem. Greetings, Leon!

Answer: Thank you for your question. I assume that the script was targeted by hackers on your WordPress installation. I already have about it wrote an older blog post. In principle, you can delete the PHP file, as it is only needed for WordPress to operate if, for example, you are working with the Windows Live Writer or the WordPress app (or similar) want to access your WordPress. This data exchange between the programs and your WordPress blog works via the XML-RPC interface, which in turn is generated by this file.

If the file is deleted, the [hackers-> wordpress-hackers] no longer have a point of attack and the attacks will come to nothing. For this reason, it is a good idea to remove the file when you are not using it. Of course, you can easily manage the blog via the WP-Admin without this file.

Important: It is more clever to forbid the file via an entry in the .htaccess file (see right here). With a WordPress update, WordPress puts the xmlrpc.php back into the main directory and you would have to manually eject the file. Due to the entry in the .htaccess file, it remains permanently blocked.

I hope I could answer your question.

-

Did you like the article and did the instructions on the blog help you? Then I would be happy if you the blog via a Steady Membership or at Patreon would support.

Leave a Comment

Your e-mail address will not be published.