Title: Server Error Message for xmlrpc.php
Last modified: April 3, 2025

---

# Server Error Message for xmlrpc.php

 *  Resolved [HKP](https://wordpress.org/support/users/hiskingdomprophecy/)
 * (@hiskingdomprophecy)
 * [1 year, 1 month ago](https://wordpress.org/support/topic/server-error-message-for-xmlrpc-php/)
 * Hi Folks,
 * The plugin is working correctly and is denying access to my xmlrpc.php.
 * However, daily I am getting hundreds of Error Messages: “AH01630: client denied
   by server configuration: /…. xmlrpc.php,”
 * Is there any way that these Server Error Messages can be eliminated by perhaps
   modifying the .htaccess code: `Disable XML-RPC - Security > Settings > WordPress
   Tweaks > XML-RPC..... etc.` ?
 * Just a thought…..
 * Regards and thanks!

Viewing 4 replies - 1 through 4 (of 4 total)

 *  [nlpro](https://wordpress.org/support/users/nlpro/)
 * (@nlpro)
 * [1 year, 1 month ago](https://wordpress.org/support/topic/server-error-message-for-xmlrpc-php/#post-18401625)
 * Hi [@hiskingdomprophecy](https://wordpress.org/support/users/hiskingdomprophecy/),
 * No that is probably not possible from within the .htaccess file.
 * The good news is that these specific (Apache web server) log entries (notices)
   can probably be suppressed from the web server configuration.
 * Check out the link below:
 * [Suppress “client denied by server configuration” Notices](https://serverfault.com/questions/1008571/suppress-client-denied-by-server-configuration-notices)
 * It’s probably best to contact your webhosting to request the necessary web server
   config change.
 * +++ To prevent any confusion, I’m not SolidWP +++
    -  This reply was modified 1 year, 1 month ago by [nlpro](https://wordpress.org/support/users/nlpro/).
 *  Thread Starter [HKP](https://wordpress.org/support/users/hiskingdomprophecy/)
 * (@hiskingdomprophecy)
 * [1 year, 1 month ago](https://wordpress.org/support/topic/server-error-message-for-xmlrpc-php/#post-18401825)
 * [@nlpro](https://wordpress.org/support/users/nlpro/)
 * Thanks greatly for the follow up!
 * I guessed that may be your answer, but as I have no skills of knowledge in this
   area, you reply and the links are most helpful. Now I know what to look for 🙂
 * Thanks, so very much!
 *  Thread Starter [HKP](https://wordpress.org/support/users/hiskingdomprophecy/)
 * (@hiskingdomprophecy)
 * [1 year, 1 month ago](https://wordpress.org/support/topic/server-error-message-for-xmlrpc-php/#post-18411896)
 * [@nlpro](https://wordpress.org/support/users/nlpro/)
 * FYI: Found three solutions for how to avoid a denial of xmlrpc.php showing as
   a server error:
 * Option 1: Disable via WordPress Filter (cleanest way)
   Add this to your theme’s
   functions.php`add_filter('xmlrpc_enabled', '__return_false');`
 * Option 2: Custom .htaccess Rule (No Error, Just Quiet Denial)
   `<Files xmlrpc.
   php> SetEnvIf Request_Method "POST" block_xmlrpc Order Allow,Deny Allow from 
   all Deny from env=block_xmlrpc </Files>`
 * Option 3: Custom Response via Plugin
   `add_action('init', function() { if (strpos(
   $_SERVER['REQUEST_URI'], 'xmlrpc.php') !== false) { header('Content-Type: text/
   plain'); echo 'XML-RPC is disabled.'; exit; } });`
 * Regards and thanks!
 *  [nlpro](https://wordpress.org/support/users/nlpro/)
 * (@nlpro)
 * [1 year, 1 month ago](https://wordpress.org/support/topic/server-error-message-for-xmlrpc-php/#post-18413027)
 * Hi [@hiskingdomprophecy](https://wordpress.org/support/users/hiskingdomprophecy/),
 * Thank you for sharing that info.
 * About option 1, according to the WordPress Developer code reference:
 * > [Description](https://developer.wordpress.org/reference/hooks/xmlrpc_enabled/#description)
   > Contrary to the way it’s named, this filter does not control whether XML-RPC
   > is _fully_ enabled, rather, it only controls whether XML-RPC methods requiring
   > authentication – such as for publishing purposes – are enabled.
   > Further, the filter does not control whether pingbacks or other custom endpoints
   > that don’t require authentication are enabled. This behavior is expected, and
   > due to how parity was matched with the `enable_xmlrpc` UI option the filter
   > replaced when it was introduced in 3.5.
 * Also note that the SolSec plugin implements disabling XMLRPC in two ways (~fallback
   mechanism), in the .htaccess file and by hooking into the [xmlrpc_enabled](https://developer.wordpress.org/reference/hooks/xmlrpc_enabled/)
   filter.

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Server Error Message for xmlrpc.php’ is closed to new replies.

 * ![](https://ps.w.org/better-wp-security/assets/icon.svg?rev=3529351)
 * [Kadence Security – Password, Two Factor Authentication, and Brute Force Protection](https://wordpress.org/plugins/better-wp-security/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/better-wp-security/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/better-wp-security/)
 * [Active Topics](https://wordpress.org/support/plugin/better-wp-security/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/better-wp-security/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/better-wp-security/reviews/)

 * 4 replies
 * 2 participants
 * Last reply from: [nlpro](https://wordpress.org/support/users/nlpro/)
 * Last activity: [1 year, 1 month ago](https://wordpress.org/support/topic/server-error-message-for-xmlrpc-php/#post-18413027)
 * Status: resolved