The WordPress System Lockdown feature's purpose is to lockdown certain core WordPress system features.


Recommendation: This depends on your usage and needs for certain WordPress functions and features.

The WordPress System Lockdown options explanations

Option: Disable XML-RPC

This option's purpose is to protect you against any possible XML-RPC brute force login attacks.


Important: If this option is disabled, you should be aware of the certain implications.


If you want to completely turn off the whole XML-RPC system, click the slider.

How to check and confirm XML-RPC functionality is disabled?

There is a very simple website provided to help you confirm that your XML-RPC is disabled.

  1. Go to: http://xmlrpc.eritreo.it/
  2. Enter your WordPress site URL in the ‘Address’ field
  3. Click the ‘Check’ button.

You should receive a response page detailing how your XML-RPC server isn’t available.


To learn more about the XML-RPC system, read the blog article here.

Option: Disable Anonymous Rest API

This option helps you to disable anonymous access to the REST API.


If you want to disable anonymous access to the REST API, click the slider.