Disable XML-RPC for a WordPress instance hosted in Plesk like a pro with assistance from our in-house experts. 

At Bobcares, we offer solutions for every query, big and small, as a part of our Server Management Services.

Let’s take a look at how our Support Team is ready to help customers disable XML-RPC for a WordPress instance hosted in Plesk.

How to disable XML-RPC for a WordPress instance hosted in Plesk

Our Support Techs have come up with four different ways to disable XML-RPC for a WordPress instance:

• Using a WordPress Security feature
• Using a WordPress plugin
• For domains with disabled proxy mode or PHP-FPM served by Nginx
• For domains with enabled proxy mode and PHP served by Apache

Let’s take a look at each of these in detail.

Using a WordPress Security feature

This is a security measure that helps turn off XML-RPC pingbacks for the entire website. Additionally, it disables pingbacks for previous posts with pingbacks set:

1. First, log in to Plesk.
2. Then, head to WordPress > example.com > Security.
3. Next, choose the website URL and click Secure.
4. After that, click Turn off pingbacks.

Using a WordPress plugin

1. First, log in to Plesk.
2. Then, head to WordPress > example.com > Plugins and select Install.
3. Next, look for a plugin to disable XML-RPC. For instance:

   
4. Finally, click Install to start the installation.

For domains with disabled proxy mode or PHP-FPM served by Nginx

1. First, log in to Plesk.
2. Next, head to Domains > example.com > Apache & nginx Settings and add the following additional Nginx directives:

   location = /xmlrpc.php {
   deny all;
   }
   if (!-e $request_filename) {
   set $test P;
   }
   if ($uri !~ ^/(plesk-stat|webstat|webstat-ssl|ftpstat|anon_ftpstat|awstats-icon|internal-nginx-static-location)) {
   set $test "${test}C";
   }
   if ($test = PC) {
   rewrite ^/(.*)$ /index.php?$1;
   }

   This helps block requests to WordPress XML-RPC as well as process WordPress permalinks accurately.

For domains with enabled proxy mode and PHP served by Apache

1. First, log in to Plesk.
2. Next, head to Domains > example.com > Apache & nginx Settings and add the following additional Nginx directives:

   location /xmlrpc.php {
   deny all;
   }

   This blocks requests to WordPress XML-RPC.

[Looking for a solution to another query? We are just a click away.]

Conclusion

To sum up, our skilled Support Engineers at Bobcares demonstrated how to disable XML-RPC for a WordPress instance hosted in Plesk.