How to Enable and Disable XMLRPC.PHP file in WordPress and why

How to Enable and Disable XMLRPC.PHP file in WordPress and why

The XMLRPC is a system that allows remote updates to WordPress from other applications. For instance, the Windows Live Writer system is capable of posting blogs directly to WordPress because of XMLRPC. In its earlier days, however, it was disabled by default because of coding problems.

In essence, XMLRPC php could open the site to various attacks and other issues. Luckily, the developers of this code have long since tightened up its structure and it is still a widely used application.

In this tutorial, we’re going to show you how to enable and disable the XMLRPC php and why it’s important to know the difference.

Why Do You Need XMLRPC?

The XMLRPC allows remote connection to WordPress. Without it, various tools and publishing applications simply will not be able to access the website. Any updates or additions to the website would have to be made while logging directly into the system.

The Good

By disabling this feature, you eliminate the risk of external attacks gaining access. Although the contributors to this platform attest the programming of XMLRPC is as secure as the rest of the core files of WordPress, some may feel safer by disabling this ability.

It’s like having a house with only one door. Adding a second door may be more convenient, but it creates another entry point that needs to be locked.

The Bad

The obvious downside to eliminating this feature is that remote access to WordPress will no longer be possible. This removes some of the functionality and versatility of the system. Instead of posting blogs from a different application automatically through remote access, any content and other changes would have to be made through logging directly into WordPress.

This can be problematic for those who like the idea of posting content directly from their mobile devices.

The Reality of XMLRPC

For the most part, XMLRPC is only truly useful if you’re planning to use mobile apps or remote connections to publish content on your website. As mobile use has been such a prevalent way to access the Internet, many people will use remote apps to make developing their WordPress sites much easier.

This is also one of the reasons why developers put so much effort into fixing the problems with this feature’s coding in the past.

However, not everyone will need this ability enabled. Many aspects of the system work very well and are easy to use on smartphones or tablets. This is especially true since the core of WordPress works exceptionally well in a mobile environment.

Disabling XMLRPC Through Plugins

While many things can be done at the coding level in WordPress, sometimes it’s just easier to use the right plugin. Today, we’re going to use Manage XML-RPC. This plugin is simple and does the job to enable and disable the XMLRPC whenever you wish.

To use this plugin:

Step 1: Go to the plugins area of your WordPress dashboard.


Step 2: Add a new plugin and search for, “Manage XML-RPC.”

Step 3: After installing and activating the plugin, a new feature will appear in the left side of your WordPress admin panel called, “XML-RPC Settings.” Click this link to open the plugin.

Step 4: Check the box to “Disable XML-RPC” if you want to remove the remote access abilities of WordPress. At any time, you can uncheck the box to re-enable it.

NOTE: Manage XML-RPC also comes with the ability to disable pingbacks. You can also set certain IP addresses to enable and disable the feature. This can be convenient if you want the service to work for specific applications or users based on their IP address.

Step 5: Once your selections have been made, click the “Save Changes” button on the bottom left of the screen.

This plugin gives you the ability to enable or disable XMLRPC for the entire site or just a handful of IP addresses. It’s a nice feature to have, especially if you want to block specific users from accessing XMLRPC through WordPress.

Here are a few other plugins you may be interested in:

Disable XML-RPC

The Disable XML-RPC plugin is a simple way of blocking access to WordPress remotely. It’s one of the most highly rated plugins with more than 60,000 installations. This plugin has helped many people avoid Denial of Service attacks through XMLRPC.

G2 Security

G2 Security gives you the ability to disable XMLRPC as well as other features to lock down WordPress. It uses Google Safe Browsing, vulnerability alerts from WPScan, can disable the file editor and removes unnecessary headers from the system. It may be a good solution for those looking for website security. It’s a plugin that may be worth adding to your site.

Using the .htaccess File to Disable XMLRPC

A lot of people have found a wide degree of success by using the .htaccess file to disable XMLRPC. The code itself is relatively simple and can be of great use if you don’t want to worry about new plugins.

To use .htaccess to disable the XMLRPC php function in WordPress:

Step 1: Go to the root folder of your WordPress website using FTP. The File Manager in cPanelcan also be useful if you have it available.

Step 2: Find and edit the .htaccess file. In some versions of cPanel, this file will be hidden. You will need to set cPanel to view hidden files to access .htaccess.

Step 3: Add the following code:

# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
allow from

Step 4: Save the .htaccess file.

It’s that simple. Now, anything remote using XMLRPC will be denied.

Using Code in a Site-Specific Plugin

A site-specific plugin can be extremely useful if you want to add functionality to your site without incorporating third-party software. It’s a great way to add snippets you find on the Internet to use in your site without editing a theme template or the functions.php file.

In your site-specific plugin, you can simply add the following code to disable the remote access feature:

add_filter(‘xmlrpc_enabled’, ‘__return_false’);

Once saved, the site-specific plugin will run the above code and disable XMLRPC. However, you will need to remove the code in the event you want to turn the feature back on.

When will I need to enable XMLRPC on my site?

If you use, or are planning to use, a remote system to post content to your site, you will need this feature enabled. Otherwise, you won’t be able to make remote connections through the system. If you disabled the feature and found that some of your plugins or other tools no longer work, you will need to re-enable it to continue using those additions.

Not everyone will need XMLRPC turned on within WordPress for it to function properly. In fact, a lot of you may never use this feature at all. If you’re worried about additional security issues, it’s in your best interest to disable this feature until you absolutely need it.

What kind of tools have you disabled in WordPress? What plugins do you have the take the place of coding on your website?

Simple Way To Submit Your Xml Sitemap On Google Search Console

Hello Good Day, 

My Name is Olamide I want to show you “simple way to submit your website sitemap on google serach console

When we create a website, one of the most common issues we must address is how to list the site in search engines like Google.

Whenever I talk to newbies who are not aware of how the search engine works, they think that they need to pay Google or other search engines to list their website.

This is is not true, of course.

You can show your website in a Google search for free. The only thing you need to work on is helping Google to find your blog.

This could be easily done with the help of Sitemap file. All you need to do is, generate Sitemap file for your website and submit it to Google.

Google search console (Formerly Google Webmaster Tool ) is a free tool that lets you control your website from the search engine’s perspective. I will not go into detail about GWT as I have already covered it in previous posts. In case you missed it, here is the first article to get you started:

First we need to understand what a sitemap is, and why submitting your sitemap to search engines is important.

What is a sitemap?

A sitemap is an XML file that contains the URLs inside your blog. This file helps crawlers to find all of the URLs of your blog.
There are many aspects of your site that a crawler will follow, such as the size of your sitemap and the number of URLs in your sitemap.  In short, a sitemap is a complete index of your blog that you want search engine bots to see.

In the below screenshot you can see an example of Sitemap file:

This wiki article on sitemaps will give you more technical and historical details.

Simply stated, a sitemap file contains all the URLs of your blog, and you submit that file to search engines to let them know about all the pages of your blog. Search engine bots follow sitemap files to crawl and index your website.

You can learn more about crawling and indexing here.

For a normal website, we use an online sitemap generator to create a sitemap file and submit it to webmaster tools offered by Google and Bing. For WordPress blogs, we use plugins that automatically keep updating our sitemap file as we publish the new post. This way, you don’t have to resubmit a new sitemap after publishing new articles.

It’s a good practice to place your sitemap file link at the footer of your website so that search engine bots can quickly discover and follow the site map file and crawl your blog more effectively.

Now that we know what a sitemap is, let’s move to the next level.

How to generate a sitemap for your WordPress website:

Sitemaps can be generated in different ways depending on the platform you are using for your website. For example, WordPress sitemaps can be easily generated using popularSEO plugin call Yoast SEO.

For another platform like those for static sites, there are many online tools and types of offline software which will help with sitemap generation. For the purpose of this post, I will assume you know how to generate a sitemap, and we will now learn how to submit that sitemap to Google.

How To Submit Sitemap To Google Search console:

Here are steps you need to follow:

  1. Sign in to Google search console
  2. Select your Website
  3. Click on Sitemap from the left sidebar
  4. Add your Sitemap URL (Ex:sitemap_index.xml)
  5. Click submit

Here is a detailed explanation:

Head over to Google search console and select your website. If you have never submitted your site before to Google, read this tutorial to add it and verify as well.

Well, thats it. Once you hit the submit button, Google will crawl your sitemap file and start crawling and indexing all the links listed in the submitted sitemap file.

If you are using old version of Google search console, then follow the steps outlined below.

Inside your Google Webmaster Tool dashboard, on the right-hand side you will see an option called “Sitemaps”. Click on “More” to see all submitted sitemaps, or you can submit a new sitemap from there.

GWT sitemap

Click on “Add/Test Sitemap” to submit your sitemap file. On the same page, you can see which sitemaps are discovered by Google or which sitemap files have been previously submitted by you or someone from your team.

Submit sitemap to Google search

Depending on what type of sitemap you have generated, you can submit it from here. If you are running a site with lots of images, I suggest you create an image sitemap, as we already discussed in Image SEO optimization. You can also create a video sitemap for your website. For a WordPress blog, you can create image sitemaps using this WordPress plugin.

Google Sitemap

If you are submitting a sitemap for a new blog, it might take some time for you to see the index status. With index status on the same page, you can see how many URLs are submitted via sitemap and how many links Google has indexed.

If you have submitted separate sitemaps for images and videos, you will see the status for those links, too. Here is an example of the index status of the Download Latest Plugins Too:

Website index status

Once you are finished submitting your blog sitemap to the Google search engine, I suggest you read this guide and then repeat the process with the Bing Webmaster Tool.

Here is a detailed guide to submitting a sitemap to the Bing Webmaster Tool.

Here are few more guides that you should consider reading:

  • 12 solid steps to increasing Google’s crawl rate for your website
  • Understand site crawl errors in Google Webmaster Tool and fix them right now

Let us know whether or not you have done sitemap submissions for your website. 

What other SEO-related things do you do for faster indexing of your blog?

Remember to share this post with anyone who might benefit from this information, including your Facebook friends, Twitter followers and members of your Google+ group!


Watch Video Below To Undestand More