The WordPress System Lockdown feature's purpose is to lockdown certain core WordPress system features.
Recommendation: This depends on your usage and needs for certain WordPress functions and features.
The WordPress System Lockdown options explanations
Option: Disable XML-RPC
This option's purpose is to protect you against any possible XML-RPC brute force login attacks.
Important: If this option is disabled, you should be aware of the certain implications.
If you want to completely turn off the whole XML-RPC system, click the slider.
How to check and confirm XML-RPC functionality is disabled?
There is a very simple website provided to help you confirm that your XML-RPC is disabled.
- Go to: http://xmlrpc.eritreo.it/
- Enter your WordPress site URL in the ‘Address’ field
- Click the ‘Check’ button.
You should receive a response page detailing how your XML-RPC server isn’t available.
To learn more about the XML-RPC system, read the blog article here.
Option: Disable Anonymous Rest API
This option helps you to disable anonymous access to the REST API.
If you want to disable anonymous access to the REST API, click the slider.