
How to Disable JSON REST API and XML-RPC in WordPress by htaccess


What is XML-RPC? 

According to Wikipedia, XML-RPC is a remote procedure call protocol that uses XML to encode its calls and HTTP as a transport mechanism. In short, it is the system that lets you post to your WordPress blog from popular weblog clients like Windows Live Writer. It is also needed if you use the WordPress mobile app or want to connect to services like IFTTT.

 

Why Do You Need to Disable the JSON REST API in WordPress?

There is no denying that the API will bring lots of benefits for WordPress developers. The API makes it super easy to retrieve data using GET requests, which is useful for those building apps with WordPress.

 

Using .htaccess, we can block both of them by adding this code to the .htaccess file:

# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
allow from [Your IP Address]
</Files>

# Block WordPress wp-json requests
<Files wp-json>
order deny,allow
deny from all
</Files>

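If you want to block it but keep it available to requests from a specific referrer, you can use the rule below. The Referer header is set by the client and can be absent or forged, so treat this as a filter rather than as access control.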

<Files wp-json>
RewriteEngine on
# Options +FollowSymlinks
# Forbid the request unless the Referer header contains example.com (case-insensitive)
RewriteCond %{HTTP_REFERER} !example\.com [NC]
RewriteRule .* - [F]
</Files>
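
The xmlrpc.php and wp-json blocks above, rewritten for Apache 2.4, as an added example that is not part of the original post: `order`/`deny`/`allow` are the Apache 2.2 directives and work on 2.4 only when mod_access_compat is loaded. It assumes WordPress lives in the directory that holds this .htaccess, uses 203.0.113.10 as a placeholder for your IP address, and goes beyond the original by also matching the `rest_route` query-string form that WordPress uses for the REST API when pretty permalinks are off.

```apache
# Added example (not from the original post).
# Assumptions: Apache 2.4 or 2.2, mod_rewrite available, WordPress installed in
# the directory containing this .htaccess, 203.0.113.10 is a placeholder IP.
# Place these rules above the "# BEGIN WordPress" block so they run first.

# xmlrpc.php: allow one address, deny everyone else.
<Files "xmlrpc.php">
    # Apache 2.4 authorization syntax
    <IfModule mod_authz_core.c>
        Require ip 203.0.113.10
    </IfModule>
    # Apache 2.2 fallback (the syntax used in the post)
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
        Allow from 203.0.113.10
    </IfModule>
</Files>

<IfModule mod_rewrite.c>
    RewriteEngine On

    # REST API, pretty-permalink form: /wp-json and /wp-json/...
    RewriteRule ^wp-json(/|$) - [F,NC]

    # REST API, query-string form: /?rest_route=/... or /index.php?rest_route=/...
    RewriteCond %{QUERY_STRING} (^|&)rest_route= [NC]
    RewriteRule ^ - [F]
</IfModule>
```

Denying every REST request also stops the block editor and any plugin that calls the API from the dashboard, so test the admin area after deploying it.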

 

 

Reference 

How to Disable XML-RPC in WordPress (wpbeginner.com)

How to Disable JSON REST API in WordPress (wpbeginner.com)