[wp-trac] [WordPress Trac] #63937: disable xml-rpc by default on new install
WordPress Trac
noreply at wordpress.org
Fri Sep 5 16:28:56 UTC 2025
#63937: disable xml-rpc by default on new install
-----------------------------------------+-----------------------------
Reporter: aqueos | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: XML-RPC | Version:
Severity: normal | Keywords:
Focuses: performance, sustainability |
-----------------------------------------+-----------------------------
Hi,
As the xmlrpc API is deprecated (xml-rpc.php), very hard on CPU
resources, and widely used by bots to attack WP users with dictionary
attacks, I think it would make sense from a security standpoint and a
sustainability standpoint to disable the xmlrpc API by default on new
installs.
It would leave the setting as it is on upgrade, but the default for new
installs would be off.
It has been deprecated for 10 years now, so it could even be
completely removed, or at least disabled on new installs.
Best regards,
Ghislain.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/63937>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform