Should I disable XML-RPC on WordPress?

[Steve32]

Should I deactivate XML-RPC on WordPress? I heard that XML-RPC is opening for brute force attacks, if yes, how to disable it in WordPress?

 

[professorrosado]

WordPress v3.5 introduces the filter xmlrpc_enabled:

add_filter('xmlrpc_enabled', '__return_false');

You can add this code to your wp_config.php after the line require_once(ABSPATH . 'wp-settings.php'); if you want to disable XML-RPC for your site.
from [URLnf="http://wpengineer.com/2484/xml-rpc-enabled-by-default-in-wordpress-3-5/"]here[/URLnf]

Also, there are a few plugins in the plugin repository that do this for you or block access to it. Try that option.

 

[michaelswengel]

I have it disabled on my sites, but it depends on your needs.

If you're concerned about security (as you should be) check out iThemes Security or a similar plugin and get your site locked down from attack. It's protected mine from attack a few times.

 

[LowEndXeon]

I would, due to the very easy to access attack methods for the people who'd like to pay to get a site downed for about 600 seconds. Becomes a huge issue if they continue. I'd do it based on your needs on WordPress.