At the root of your WordPress website is a file named xmlrpc.php that has the power to control content publishing to your website from anywhere on the internet.

If you publish live content to your website from remote locations you may need it.. so scramble the name.
If you don’t, you can disallow access to it altogether and if you ever need it, enable it at that time.

It’s just spam bait and I know they will never get in but it bothers me when I get thousands of hits on it.. the server could be doing better things.

If you want to test it out, look at your stats.. you will see hits (maybe lots) on it.
Add this at the beginning of your .htaccess file.

<Files xmlrpc.php>
  order deny,allow
  deny from all
  # If you want to allow only your own IP
  #allow from

Remove the second ‘#’ and replace with your own IP for exclusive access.

I’ve been watching traffic closely and it doesn’t cut out the crap but just shaves off another layer.



Submit a Comment

Your email address will not be published. Required fields are marked *