Title: Plugins and XMLRPC
Last modified: October 14, 2019

---

# Plugins and XMLRPC

 *  [jmoran888](https://wordpress.org/support/users/jmoran888/)
 * (@jmoran888)
 * [6 years, 8 months ago](https://wordpress.org/support/topic/plugins-and-xmlrpc/)
 * I want to disable xmlrpc.php on my WP site to prevent brute force attacks – however
   i want to make sure that there are no plugins that are actually using it. I’ve
   searched the code for xmlrpc.php and have not found anything. Is there anything
   else i should do ? Is there a list of plugins somewhere that are known users ?
   I disabled it on one of my 2 servers and its showing an nginx error log
    2019/
   10/14 21:58:48 [error] 28017#28017: *420 access forbidden by rule, client: 172.26.30.210,
   server: xxx, request: “POST /xmlrpc.php HTTP/1.1”, host: “xxx” 2019/10/14 21:
   59:49 [error] 28017#28017: *437 access forbidden by rule, client: 172.26.4.74,
   server: xxx, request: “POST /xmlrpc.php HTTP/1.1”, host: “xxx”
 * They always seem to be coming from the same 2 client IPs
 * Thanks

The topic ‘Plugins and XMLRPC’ is closed to new replies.

## Tags

 * [xmlrpc](https://wordpress.org/support/topic-tag/xmlrpc/)

 * 0 replies
 * 1 participant
 * Last reply from: [jmoran888](https://wordpress.org/support/users/jmoran888/)
 * Last activity: [6 years, 8 months ago](https://wordpress.org/support/topic/plugins-and-xmlrpc/)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics