#2 way hackers hack WordPress - Disable XMLRPC in WordPress 

Thanks for letting me know! I've added it to the pinned comment and I'll paste it here: # BEGIN Disable XML-RPC.PHP (left pointy bracket)Files xmlrpc.php(right pointy bracket) Order Deny,Allow Deny from all (left pointy bracket)/Files(right pointy bracket) # END Disable XML-RPC.PHP And sorry for the delay. I'm still trying figure out my summer holiday work schedule!

Did it give you that message before your after you added the code?

Hi Rand, good question! In my videos I like to show different ways to do the same thing. For example, some people like to use plugins and others don't, so I like to show how to do the same thing with or without a plugin. I don't use Wordfence much anymore because it uses a lot of resources and can slow websites down. I don't think it's on any of my sites at the moment actually. Did you see residue Wordfence code in the .htaccess file? And even though I don't use Wordfence for the reason above, I'll still make a video for it in the future because other people may not be worried about the resources usage. Or their hosting is so fast it compensates for Wordfence.

You're welcome Visual, thanks for watching! Let me know if you have any questions :)

Nice work! It just takes a few little tweaks to make a big difference in regards to website security. Why is this video unlisted? It's complicated, haha. I often record, edit and upload videos in bulk and I often make several related videos at the same time and link them together by referencing other videos from each video. This video, which I haven't scheduled to be published yet, is referenced by other videos that have published over the past few week. By keeping it set to unlisted, this video can be watched when some gets to it from another video. But as soon as this video is scheduled for future publishing, it's set to "private" by RU-vid and can't be watched until it's published. I would prefer to schedule everything in advance and have it be a little more "hands-off", but then it's bad experience for anyone who tries to watch a video that is scheduled and not yet published. I hope RU-vid changes that somehow in the near future :)

@@wplearninglab Good Day Bjorn! Thanks again for the video. And ah, I understand regarding the unlisted video. This sounds like a quite a bit of work. I came back also to give you feedback on your advice in the videos. I gave myself a few days so that I can analyse the result of the adjustments. Just for context: I use hostinger Firstly. CPU usage is down as well as memory usage, I haven't had any faults that occurred in the past couple of days Secondly. I haven't had any xmlrpc attacks ever since I set this up. What I have noticed is that they don't give up and will try to spam your comments in your blogposts. I'm about to watch your video on akismet, a plugin that I have blatantly ignored to my own peril lol Thanks again Bjorn. I've subscribed and clicked the bell icon.

Thanks Osvaldo and thanks for watching!

Hi Mariana, disabling the XMLRPC.php file from both .htaccess and using a plugin wouldn't break anything, but you don't need to do both. Just one or the other. I hope that helps, thanks for watching!

That would be unfortunately, can you provide me with more details so that I can look into it?

Better late than never, right? If you subscribe you may get notifications sooner and for more videos.

You're welcome, thanks for watching! Let me know if you have any questions :)