Hi @hiskingdomprophecy,
No that is probably not possible from within the .htaccess file.
The good news is that these specific (Apache web server) log entries (notices) can probably be suppressed from the web server configuration.
Check out the link below:
Suppress “client denied by server configuration” Notices
It’s probably best to contact your webhosting to request the necessary web server config change.
+++ To prevent any confusion, I’m not SolidWP +++
-
This reply was modified 10 months, 2 weeks ago by
nlpro.
Thread Starter
HKP
(@hiskingdomprophecy)
@nlpro
Thanks greatly for the follow up!
I guessed that may be your answer, but as I have no skills of knowledge in this area, you reply and the links are most helpful. Now I know what to look for 🙂
Thanks, so very much!
Thread Starter
HKP
(@hiskingdomprophecy)
@nlpro
FYI: Found three solutions for how to avoid a denial of xmlrpc.php showing as a server error:
Option 1: Disable via WordPress Filter (cleanest way)
Add this to your theme’s functions.php
add_filter('xmlrpc_enabled', '__return_false');
Option 2: Custom .htaccess Rule (No Error, Just Quiet Denial)
<Files xmlrpc.php> SetEnvIf Request_Method "POST" block_xmlrpc Order Allow,Deny Allow from all Deny from env=block_xmlrpc </Files>
Option 3: Custom Response via Plugin
add_action('init', function() { if (strpos($_SERVER['REQUEST_URI'], 'xmlrpc.php') !== false) { header('Content-Type: text/plain'); echo 'XML-RPC is disabled.'; exit; } });
Regards and thanks!
Hi @hiskingdomprophecy,
Thank you for sharing that info.
About option 1, according to the WordPress Developer code reference:
Description
Contrary to the way it’s named, this filter does not control whether XML-RPC is fully enabled, rather, it only controls whether XML-RPC methods requiring authentication – such as for publishing purposes – are enabled.
Further, the filter does not control whether pingbacks or other custom endpoints that don’t require authentication are enabled. This behavior is expected, and due to how parity was matched with the enable_xmlrpc UI option the filter replaced when it was introduced in 3.5.
Also note that the SolSec plugin implements disabling XMLRPC in two ways (~fallback mechanism), in the .htaccess file and by hooking into the xmlrpc_enabled filter.
