XMLRPC.php Access denied error


#1

Hi,
I had blocked the xmlrpc.php file via htaccess file. But after blocking I’m seeing xmlrpc.php error in the Search Console. Why Google want to access this file? Should I unblock this file?


#2

Hello dear,

Because, below line which exist at your blog’s source code.

<link rel="EditURI" type="application/rsd+xml" title="RSD" href="https://www.xyz.com/xmlrpc.php?rsd" />

No. Instead, you can remove unwanted source code properly.

remove_action( 'wp_head', 'rsd_link' ) ;


#3

Thanks you very much. I will remove that link via function.php file. Now you can close the thread.
Thanks! :slight_smile:


#4

You’re welcome! :slight_smile:


#7

Today while just watching the queries on my WP Blog and found too much xmlrpc.php request to the server.
I came to ask for the solution, but it is already there and I applied the code.
I removed from the theme, thank you @GulshanKumar bro.
You are so great.

One more question, it won’t affect SEO huh?


#8

The xmlrpc.php has nothing to do with SEO.


<files xmlrpc.php>
Order allow,deny
Deny from all
</files>

This would be better way to disable.


<link rel="pingback" href="http://example.com/xmlrpc.php">
Along with above .htaccess rule, we must consider removing xmlrpc.php from the header part of theme using below function to avoid 403 error message in the SC.

remove_action( 'wp_head', 'rsd_link' ) ;


Caution:

In these two cases shouldn’t be disabled

  • xmlrpc.php is used by weblog client (example, Windows Live Writer, WordPress App)
  • You shouldn’t disable if you use JetPack. It may create problem in connection with WordPress.com

#10

I was reading this article and it’s bugging me that everyone here wants to disable the xmlrpc api!
There is no use of disabling xmlrpc.php because it only degrades the performance and compatibility of your wordpress site with various plugins that use the api to talk to your wordpress instance.

Here is a better explaination:

Now, in order to prevent excessive traffic to your xmlrpc.php, The following can be done:
#1 Disable Pingback and Trackback
#2 Use Anti Spam like Akismet
#3 Use rate limiting plugin like Wordfence or Hide my wp