XML-RPC is a feature of WordPress that enables data to be transmitted, with HTTP acting as the transport mechanism and XML as the encoding mechanism. Since WordPress isn’t a self-enclosed system and occasionally needs to communicate with other systems, this was sought to handle that job.
For example, let’s say you wanted to post to your site from your mobile device, you could use the remote access feature enabled by xmlrpc.php to do just that.
The core features that XML-RPC enabled were allowing you to connect to your site via smartphone, implementing trackbacks and pingbacks from other sites, and some functions associated with the Jetpack plugin.
However, XML-RPC has also caused a large number of security issues and since the introduction of the more secure REST API in 2015, has fallen out of favor. For this reason, Elementor Hosting sites disable XML-RPC by default on sites created after July 16, 2024. For sites created before this date, we recommend disabling XML-RCP unless you have a specific need for it.
In some cases, users may have a specific need for XML-RPC therefore you do have the option of enabling it.
Enable or Disable XML-RPC
If you don’t need XML-RPC, best practice is to disable XML-RPC.
To enable or disable XML-RPC:
- Go to your My Elementor dashboard.
All your websites appear in the right pane. - Hover over the website card of the site you want to edit.
- Click Manage this website.
- In the left panel, click the Advanced tab.
- In the right pane, click the Security tab.
- Toggle on to disable XML-RPC or off to enable XML-RPC.
