Title: How to prevent visits using http://example.com/xmlrpc.php? Last modified: August 30, 2016 --- # How to prevent visits using http://example.com/xmlrpc.php? * Resolved [kflem](https://wordpress.org/support/users/kflem/) * (@kflem) * [10 years, 8 months ago](https://wordpress.org/support/topic/how-to-prevent-visits-using-httpexamplecomxmlrpcphp/) * Live Traffic on our websites shows an increasing number of visits (from all parts of the world) using the URL [http://__.com/xmlrpc.php](http://__.com/xmlrpc.php). When I click the link, I get the following message on a blank screen: **XML-RPC server accepts POST requests only.** * Is this normal activity or hacking? If the latter, how to stop this activity? * [https://wordpress.org/plugins/wordfence/](https://wordpress.org/plugins/wordfence/) Viewing 2 replies - 1 through 2 (of 2 total) * Plugin Author [WFMattR](https://wordpress.org/support/users/wfmattr/) * (@wfmattr) * [10 years, 8 months ago](https://wordpress.org/support/topic/how-to-prevent-visits-using-httpexamplecomxmlrpcphp/#post-6531947) * Some other sites are seeing the same. We do have a feature request in our system to block XMLRPC login attempts, which will likely be included in a future release. * If you don’t use XMLRPC for the WordPress app (or other blog software), and don’t use pingbacks, you can disable XMLRPC completely, if you would like. I’ve used this plugin before — it hasn’t had an update since February, but it’s literally one line of actual code and works correctly in WP 4.3: [https://wordpress.org/plugins/disable-xml-rpc/](https://wordpress.org/plugins/disable-xml-rpc/) * [leejosepho](https://wordpress.org/support/users/leejosepho/) * (@leejosepho) * [10 years, 8 months ago](https://wordpress.org/support/topic/how-to-prevent-visits-using-httpexamplecomxmlrpcphp/#post-6531957) * > If you don’t use XMLRPC for the WordPress app (or other blog software), and > don’t use pingbacks, you can disable XMLRPC completely, if you would like. * I do not claim to understand much of this, but here is some related code I have found: * ``` // from http://www.deluxeblogtips.com/2013/08/disable-xml-rpc-wordpress.html // Disable XML-RPC and remove header link, including Pingback // This will prevent these files from being linked at the header, // but the files themselves will remain available on your server. // Be sure remote publishing is disabled if you implement this method. // You can still receive pingbacks and trackbacks with remote-access // disabled since the file will still be available on your server. add_filter( 'xmlrpc_enabled', '__return_false' ); // Hide xmlrpc.php in HTTP response headers add_filter( 'wp_headers', 'yourprefix_remove_x_pingback' ); function yourprefix_remove_x_pingback( $headers ) { unset( $headers['X-Pingback'] ); return $headers; } // Remove xmlrpc.php and wlwmanifest.xml header links function removeHeadLinks() { remove_action('wp_head', 'rsd_link'); remove_action('wp_head', 'wlwmanifest_link'); } add_action('init', 'removeHeadLinks'); ``` Viewing 2 replies - 1 through 2 (of 2 total) The topic ‘How to prevent visits using http://example.com/xmlrpc.php?’ is closed to new replies. * ![](https://ps.w.org/wordfence/assets/icon.svg?rev=2070865) * [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/) * [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq) * [Support Threads](https://wordpress.org/support/plugin/wordfence/) * [Active Topics](https://wordpress.org/support/plugin/wordfence/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/) * 2 replies * 3 participants * Last reply from: [leejosepho](https://wordpress.org/support/users/leejosepho/) * Last activity: [10 years, 8 months ago](https://wordpress.org/support/topic/how-to-prevent-visits-using-httpexamplecomxmlrpcphp/#post-6531957) * Status: resolved