Why Website Security is Important?
A hacked WordPress site can cause serious damage to your business revenue and reputation. Hackers can steal user information, passwords, install malicious software, and can even distribute malware to your users.
Worst, you may find yourself paying ransomware to hackers just to regain access to your website.
How to Disable WordPress XML-RPC with .htaccess
While the above solution is sufficient for many, it can still be resource intensive for sites that are getting attacked.
In those cases, you may want to disable all xmlrpc.php requests from the .htaccess file before the request is even passed onto WordPress.
# Block WordPress xmlrpc.php requests
<Files
xmlrpc.php>
order deny,allow
deny from all
allow from 123.123.123.123
</Files>
Disabling PHP Execution in Certain WordPress Directories Using .htaccess File
Most WordPress sites have a .htaccess file in the root folder. This is a powerful configuration file used to password protect admin area, disable directory browsing, generate SEO friendly URL structure, and more.
By default, the .htaccess file located in your WordPress website’s root folder, but you can also create and use it inside your inner WordPress directories.
To protect your website from backdoor access files, you need to create a .htaccess file and upload it to your site’s /wp-includes/ and /wp-content/uploads/ directories.
Simply create a blank file on your computer by using a text editor like Notepad (TextEdit on Mac). Save the file as .htaccess and paste the following code inside it.
<Files *.php>
deny from all
</Files>