Securing wordpress.com business site

mje42 · Member · Dec 4, 2024 at 11:07 am
Copy link

Add topic to favorites
All of the advice and guidance around XML-RPC recommends turning it off. and yet it seems this is not possible on a wordpress.com business hostnig plan.

Can someone please explain what mitigations are in place or available to ensure the platform remains secure in the absence of the ability to disable this technology and the risks it may present?
404bill · Member · Dec 4, 2024 at 6:11 pm
Copy link
Hi there,

Here is some info on the security WordPress offers: https://wordpress.com/support/security/

With regards to XML-RPC, Jetpack (installed on all WordPress.com sites) uses their own implementation of it, more information about this can be found here: https://jetpack.com/support/jetpack-and-xml-rpc/

Turning off XML-RPC will stop Jetpack from working, but there is this plugin that claims to remove some methods used by attackers but keeping the jetpack functionally intact (I have not tested this plugin myself): https://wordpress.com/plugins/disable-xml-rpc-pingback/

Hopefully this helps

The topic ‘Securing wordpress.com business site’ is closed to new replies.

Couldn't find what you needed?

Contact us

Get answers from our AI assistant, with access to 24/7 expert human support on paid plans.

Browse our guides

Find step-by-step solutions to common questions in our comprehensive guides.