This plugin hasn’t been tested with the latest three major releases of WordPress. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.

Deactivate XML-RPC on WordPress


This plugin will completely disable or deactivate XML-RPC on your WordPress installation. This will prevent any brute force attacks to your website using XML-RPC.

By using the plugin, it will remove your ability to post using XML-RPC protocol, which means no more,

  • post ping backs,
  • remote post from WordPress mobile app,
  • remote post from windows live writer,
  • and other applications that requires XML-RPC.


  1. Upload deactivate-xml-rpc folder to the /wp-content/plugins/ directory
  2. Activate the plugin through the ‘Plugins’ menu in WordPress
  3. That’s it XML-RPC is now deactivated


How to check if XML-RPC is really deactivated?

You can check your installation via a WordPress XML-Validator service at this URL:

Contributors & Developers

“Deactivate XML-RPC on WordPress” is open source software. The following people have contributed to this plugin.




  • Initial release.