> ## Documentation Index
> Fetch the complete documentation index at: https://kb.hosting.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Disabling XML-RPC with the A2 Optimized for WordPress plugin

> WordPress uses an XML-RPC interface to allow other websites or apps to interact with your site, but leaving it open poses a potential security risk. Learn how to disable XML-RPC in WordPress using the A2 Optimized for WordPress plugin.

XML-RPC is a [Remote Procedure Call](https://en.wikipedia.org/wiki/Remote_procedure_call) method that uses XML over HTTP. WordPress is configured to use an XML-RPC interface out of the box that enables other websites or apps to interact with your site. XML-RPC requires valid XML to be sent via HTTP posts, but leaving it enabled is a potential security risk because it can be used for SQL injection attacks, Server Side Forgery, and other malicious activities.

This article shows how to disable XML-RPC in WordPress using the A2 Optimized for WordPress plugin.

## Disabling XML-RPC

To disable XML-RPC using the A2 Optimized for WordPress plugin, follow these steps:

1. Log in to your WordPress site as the administrator.

2. Under **Dashboard**, click **A2 Optimized**:\
   ![A2 Optimized WP - Dashboard menu](https://static.hosting.com/kb/kb-a2-optimized-dashboard-menu.png)

3. Click the **Optimization** tab:\
   ![A2 Optimized WP - Optimization tab](https://static.hosting.com/kb/kb-a2-optimized-tab-selected.png)

4. In the left sidebar, click **Security**:\
   ![A2 Optimized WP - Sidebar - Security](https://static.hosting.com/kb/kb-a2-optimized-sidebar-security.png)

5. In the **SECURITY** section, at the bottom click **More Optimizations**:\
   ![A2 Optimized WP - Security - More Optimizations](https://static.hosting.com/kb/kb-a2-optimized-security-more-optimizations.png)

6. In the **Block Unauthorized XML-RPC Requests** row, click the slider to enable or disable blocking:\
   ![A2 Optimized WP - Security - XML-RPC slider](https://static.hosting.com/kb/kb-a2-optimized-security-xml-rpc-slider.png)

## More information

For more information about the XML-RPC service for WordPress, please visit [https://codex.wordpress.org/XML-RPC\_Support](https://codex.wordpress.org/XML-RPC_Support).

## Related articles

* [Managing HTTP Strict Transport Security (HSTS) for your site](/docs/enabling-http-strict-transport-security-hsts-for-your-site)

* [WordPress security](/docs/wordpress-security)
