Therefore, if you are not using XML-RPC, we recommend that you disable it.

[Mostafa044]

But with XML-RPC, a hacker can system.multicalluse the function to try thousands of passwords with, say, 20 or 50 requests.


There are 3 ways to disable XML-RPC in WordPress and we have covered all of them in our step-by-step guide on how to disable XML-RPC in WordPress .

Tip: The .htaccess method is the best because it is the least resource intensive. The other methods are easier for beginners.

Alternatively, this will be done automatically if you use a Web Application Firewall (WAF), as mentioned above.

[Back to top ↑]

Automatically log out idle users in WordPress
Logged-in users can sometimes walk away from the screen, list of bulgaria cell phone number which poses a security risk. Someone can hijack their session, change passwords, or make changes to their account.

This is why many banking and finance sites automatically log out inactive users. You can set up a similar feature on your WordPress site as well.

You need to install and activate the Inactive Logout plugin . After activation, go to the Settings ” Inactive Logout” page to adjust the logout settings.

Logout idle users
Simply set the time duration and add a logout message, then don't forget to click the "Save Changes" button at the bottom of the page to save your settings.