This plugin hasn’t been tested with the latest 3 major releases of WordPress. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.

Deactivate XML-RPC on WordPress


This plugin will completely disable or deactivate XML-RPC on your WordPress installation. This will prevent any brute force attacks to your website using XML-RPC.

By using the plugin, it will remove your ability to post using XML-RPC protocol, which means no more,

  • post ping backs,
  • remote post from WordPress mobile app,
  • remote post from windows live writer,
  • and other applications that requires XML-RPC.


  1. Upload deactivate-xml-rpc folder to the /wp-content/plugins/ directory
  2. Activate the plugin through the ‘Plugins’ menu in WordPress
  3. That’s it XML-RPC is now deactivated


How to check if XML-RPC is really deactivated?

You can check your installation via a WordPress XML-Validator service at this URL:

Contributors & Developers

“Deactivate XML-RPC on WordPress” is open source software. The following people have contributed to this plugin.




  • Initial release.