Disable XML-RPC

XML-RPC allows interaction between blog posts and some plugins. WordPress is essentially a blogging platform on steroids – although these days it is mostly used asa CMS for websites. XML-RPC is useful for automated content from feeds but is not used to its full for regular websites.

Hackers exploit XML-RPC as an opportunity to bruteforce password access.

XML-RPC use should be reviewed and the risks mitigated as part of a WordPress Security Maintenance check.

Open chat