{"id":10191,"date":"2020-07-02T16:46:16","date_gmt":"2020-07-02T20:46:16","guid":{"rendered":"https:\/\/www.inmotionhosting.com\/blog\/?p=10191"},"modified":"2024-01-23T14:20:59","modified_gmt":"2024-01-23T19:20:59","slug":"is-the-wordpress-xml-rpc-file-safe-or-should-i-block-it","status":"publish","type":"post","link":"https:\/\/www.inmotionhosting.com\/blog\/is-the-wordpress-xml-rpc-file-safe-or-should-i-block-it\/","title":{"rendered":"Is the WordPress XML-RPC file safe, or should I block it?"},"content":{"rendered":"\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"538\" src=\"https:\/\/www.inmotionhosting.com\/blog\/wp-content\/uploads\/2020\/07\/wordpress_xml-rpc_file-1024x538.png\" alt=\"WordPress XML-RPC File | InMotion Hosting\" class=\"wp-image-10194 skip_lazy\" srcset=\"https:\/\/www.inmotionhosting.com\/blog\/wp-content\/uploads\/2020\/07\/wordpress_xml-rpc_file-1024x538.png 1024w, https:\/\/www.inmotionhosting.com\/blog\/wp-content\/uploads\/2020\/07\/wordpress_xml-rpc_file-300x158.png 300w, https:\/\/www.inmotionhosting.com\/blog\/wp-content\/uploads\/2020\/07\/wordpress_xml-rpc_file-768x403.png 768w, https:\/\/www.inmotionhosting.com\/blog\/wp-content\/uploads\/2020\/07\/wordpress_xml-rpc_file-560x294.png 560w, https:\/\/www.inmotionhosting.com\/blog\/wp-content\/uploads\/2020\/07\/wordpress_xml-rpc_file.png 1200w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Many WordPress security experts insist upon disabling the WordPress XML-RPC file. Why?<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Safety Concerns<\/h2>\n\n\n\n<p>The WordPress XML-RPC facilitates use of your website from outside of the WordPress Dashboard (or, the admin area).<\/p>\n\n\n\n<p>For one reason or another, you may want to intereact with your site from other locations. For example, submitting a post from email or from a third-party application, would have required hooking to the XML-RPC file.<\/p>\n\n\n\n<p>Given its direct access to the back end of your site, the XML-RPC file can introduce security risks.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"entertherestapi\">Enter The REST API<\/h2>\n\n\n\n<p>An application programming interface (API) is basically an interface that allows two applications or devices to speak to each other. APIs facilitate the sharing of data, the manipulation of data objects, and much more.<\/p>\n\n\n\n<p>The WordPress REST API provides users and developers with a set of methods and tools for interacting with WordPress outside of the conventional administrative Dashboard.<\/p>\n\n\n\n<p>The REST API works mainly by making use of HTTP requests, or, in other words, URLs. With the right URL query information can be requested or manipulated via data objects.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"someusecasesforthewordpressrestapi\">Some Use Cases For The WordPress REST API<\/h2>\n\n\n\n<p>There are virtually an unlimited set of use cases for which the REST API is invaluable.<\/p>\n\n\n\n<p>But just to give a basic example, let\u2019s say you don\u2019t like writing blog posts in the WordPress admin area. Maybe you have a slow Internet connection, or you just prefer writing in a different tool.<\/p>\n\n\n\n<p>With the WordPress REST API, you can get your local post inserted into your WordPress site\u2019s database without ever having to log into the back end of the site.<\/p>\n\n\n\n<p>With the availability of the REST API, the viability of the XML-RPC file has been called into question, and will eventually be removed from WordPress.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"howtodisablexml-rpc\">How To Disable XML-RPC<\/h2>\n\n\n\n<p>There are many different ways to disable the XML-RPC file.<\/p>\n\n\n\n<p>The easiest was is probably through a plugin. Most security plugins will automatically disable or change permissions (another effective way of nullifying a file) on the XML-RPC.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Many WordPress security experts insist upon disabling the WordPress XML-RPC file. Why? Safety Concerns The WordPress XML-RPC facilitates use of your website from outside of the WordPress Dashboard (or, the admin area). For one reason or another, you may want to intereact with your site from other locations. For example, submitting a post from email<a class=\"moretag\" href=\"https:\/\/www.inmotionhosting.com\/blog\/is-the-wordpress-xml-rpc-file-safe-or-should-i-block-it\/\"> Read More ><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[371],"tags":[],"class_list":["post-10191","post","type-post","status-publish","format-standard","hentry","category-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.2 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Q &amp;A: Is the WordPress XML-RPC file safe?<\/title>\n<meta name=\"description\" content=\"Many WordPress security experts insist upon disabling the WordPress XML-RPC file. Why? Find out in this article.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.inmotionhosting.com\/blog\/is-the-wordpress-xml-rpc-file-safe-or-should-i-block-it\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Q &amp;A: Is the WordPress XML-RPC file safe?\" \/>\n<meta property=\"og:description\" content=\"Many WordPress security experts insist upon disabling the WordPress XML-RPC file. Why? Find out in this article.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.inmotionhosting.com\/blog\/is-the-wordpress-xml-rpc-file-safe-or-should-i-block-it\/\" \/>\n<meta property=\"og:site_name\" content=\"InMotion Hosting Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/inmotionhosting\" \/>\n<meta property=\"article:published_time\" content=\"2020-07-02T20:46:16+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-01-23T19:20:59+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.inmotionhosting.com\/blog\/wp-content\/uploads\/2020\/07\/wordpress_xml-rpc_file-1024x538.png\" \/>\n<meta name=\"author\" content=\"InMotion Hosting\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@inmotionhosting\" \/>\n<meta name=\"twitter:site\" content=\"@inmotionhosting\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"InMotion Hosting\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Q &A: Is the WordPress XML-RPC file safe?","description":"Many WordPress security experts insist upon disabling the WordPress XML-RPC file. Why? Find out in this article.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.inmotionhosting.com\/blog\/is-the-wordpress-xml-rpc-file-safe-or-should-i-block-it\/","og_locale":"en_US","og_type":"article","og_title":"Q &A: Is the WordPress XML-RPC file safe?","og_description":"Many WordPress security experts insist upon disabling the WordPress XML-RPC file. Why? Find out in this article.","og_url":"https:\/\/www.inmotionhosting.com\/blog\/is-the-wordpress-xml-rpc-file-safe-or-should-i-block-it\/","og_site_name":"InMotion Hosting Blog","article_publisher":"https:\/\/www.facebook.com\/inmotionhosting","article_published_time":"2020-07-02T20:46:16+00:00","article_modified_time":"2024-01-23T19:20:59+00:00","og_image":[{"url":"https:\/\/www.inmotionhosting.com\/blog\/wp-content\/uploads\/2020\/07\/wordpress_xml-rpc_file-1024x538.png","type":"","width":"","height":""}],"author":"InMotion Hosting","twitter_card":"summary_large_image","twitter_creator":"@inmotionhosting","twitter_site":"@inmotionhosting","twitter_misc":{"Written by":"InMotion Hosting","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"TechArticle","@id":"https:\/\/www.inmotionhosting.com\/blog\/is-the-wordpress-xml-rpc-file-safe-or-should-i-block-it\/#article","isPartOf":{"@id":"https:\/\/www.inmotionhosting.com\/blog\/is-the-wordpress-xml-rpc-file-safe-or-should-i-block-it\/"},"author":{"name":"InMotion Hosting","@id":"https:\/\/www.inmotionhosting.com\/blog\/#\/schema\/person\/f21a89c83c7697a760c96cfe58e646bc"},"headline":"Is the WordPress XML-RPC file safe, or should I block it?","datePublished":"2020-07-02T20:46:16+00:00","dateModified":"2024-01-23T19:20:59+00:00","mainEntityOfPage":{"@id":"https:\/\/www.inmotionhosting.com\/blog\/is-the-wordpress-xml-rpc-file-safe-or-should-i-block-it\/"},"wordCount":348,"commentCount":1,"publisher":{"@id":"https:\/\/www.inmotionhosting.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.inmotionhosting.com\/blog\/is-the-wordpress-xml-rpc-file-safe-or-should-i-block-it\/#primaryimage"},"thumbnailUrl":"https:\/\/www.inmotionhosting.com\/blog\/wp-content\/uploads\/2020\/07\/wordpress_xml-rpc_file-1024x538.png","articleSection":["Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.inmotionhosting.com\/blog\/is-the-wordpress-xml-rpc-file-safe-or-should-i-block-it\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.inmotionhosting.com\/blog\/is-the-wordpress-xml-rpc-file-safe-or-should-i-block-it\/","url":"https:\/\/www.inmotionhosting.com\/blog\/is-the-wordpress-xml-rpc-file-safe-or-should-i-block-it\/","name":"Q &A: Is the WordPress XML-RPC file safe?","isPartOf":{"@id":"https:\/\/www.inmotionhosting.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.inmotionhosting.com\/blog\/is-the-wordpress-xml-rpc-file-safe-or-should-i-block-it\/#primaryimage"},"image":{"@id":"https:\/\/www.inmotionhosting.com\/blog\/is-the-wordpress-xml-rpc-file-safe-or-should-i-block-it\/#primaryimage"},"thumbnailUrl":"https:\/\/www.inmotionhosting.com\/blog\/wp-content\/uploads\/2020\/07\/wordpress_xml-rpc_file-1024x538.png","datePublished":"2020-07-02T20:46:16+00:00","dateModified":"2024-01-23T19:20:59+00:00","description":"Many WordPress security experts insist upon disabling the WordPress XML-RPC file. Why? Find out in this article.","breadcrumb":{"@id":"https:\/\/www.inmotionhosting.com\/blog\/is-the-wordpress-xml-rpc-file-safe-or-should-i-block-it\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.inmotionhosting.com\/blog\/is-the-wordpress-xml-rpc-file-safe-or-should-i-block-it\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.inmotionhosting.com\/blog\/is-the-wordpress-xml-rpc-file-safe-or-should-i-block-it\/#primaryimage","url":"https:\/\/www.inmotionhosting.com\/blog\/wp-content\/uploads\/2020\/07\/wordpress_xml-rpc_file.png","contentUrl":"https:\/\/www.inmotionhosting.com\/blog\/wp-content\/uploads\/2020\/07\/wordpress_xml-rpc_file.png","width":1200,"height":630},{"@type":"BreadcrumbList","@id":"https:\/\/www.inmotionhosting.com\/blog\/is-the-wordpress-xml-rpc-file-safe-or-should-i-block-it\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.inmotionhosting.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Security","item":"https:\/\/www.inmotionhosting.com\/blog\/security\/"},{"@type":"ListItem","position":3,"name":"Is the WordPress XML-RPC file safe, or should I block it?"}]},{"@type":"WebSite","@id":"https:\/\/www.inmotionhosting.com\/blog\/#website","url":"https:\/\/www.inmotionhosting.com\/blog\/","name":"InMotion Hosting Blog","description":"Web Hosting Strategy, Trends and Security","publisher":{"@id":"https:\/\/www.inmotionhosting.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.inmotionhosting.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.inmotionhosting.com\/blog\/#organization","name":"InMotion Hosting","url":"https:\/\/www.inmotionhosting.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.inmotionhosting.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.inmotionhosting.com\/blog\/wp-content\/uploads\/2019\/11\/imh-logo-all-colors-big.jpg","contentUrl":"https:\/\/www.inmotionhosting.com\/blog\/wp-content\/uploads\/2019\/11\/imh-logo-all-colors-big.jpg","width":1630,"height":430,"caption":"InMotion Hosting"},"image":{"@id":"https:\/\/www.inmotionhosting.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/inmotionhosting","https:\/\/x.com\/inmotionhosting"]},{"@type":"Person","@id":"https:\/\/www.inmotionhosting.com\/blog\/#\/schema\/person\/f21a89c83c7697a760c96cfe58e646bc","name":"InMotion Hosting","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/eb965eada0c0513dd2e1976b21fe270fa4f19ac273960fc080f9d46b81b353a4?s=96&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/eb965eada0c0513dd2e1976b21fe270fa4f19ac273960fc080f9d46b81b353a4?s=96&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/eb965eada0c0513dd2e1976b21fe270fa4f19ac273960fc080f9d46b81b353a4?s=96&r=g","caption":"InMotion Hosting"},"url":"https:\/\/www.inmotionhosting.com\/blog\/author\/imhmainadmin\/"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"primary_category":{"id":371,"name":"Security","slug":"security","link":"https:\/\/www.inmotionhosting.com\/blog\/security\/"},"_links":{"self":[{"href":"https:\/\/www.inmotionhosting.com\/blog\/wp-json\/wp\/v2\/posts\/10191","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.inmotionhosting.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.inmotionhosting.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.inmotionhosting.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.inmotionhosting.com\/blog\/wp-json\/wp\/v2\/comments?post=10191"}],"version-history":[{"count":4,"href":"https:\/\/www.inmotionhosting.com\/blog\/wp-json\/wp\/v2\/posts\/10191\/revisions"}],"predecessor-version":[{"id":79125,"href":"https:\/\/www.inmotionhosting.com\/blog\/wp-json\/wp\/v2\/posts\/10191\/revisions\/79125"}],"wp:attachment":[{"href":"https:\/\/www.inmotionhosting.com\/blog\/wp-json\/wp\/v2\/media?parent=10191"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.inmotionhosting.com\/blog\/wp-json\/wp\/v2\/categories?post=10191"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.inmotionhosting.com\/blog\/wp-json\/wp\/v2\/tags?post=10191"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}