Shield Security Pro Features

Disable XML-RPC & Anonymous REST API

Disable All Processing Of Unauthenticated REST API And XML-RPC Requests

Disabling requests to the REST API that aren't authenticated (i.e. username/password) eliminates abuse of the API. Disabling XML-RPC eliminates possible credential stuffing attacks and any XML-RPC attack vectors.

The REST API is a modern API protocol that comes activated on all WordPress sites. Use Shield to eliminate abuse of it. XML-RPC is an older API protocol that comes activated on all WordPress sites. There’s no good reason to leave XML-RPC attack vector lying open unless we really need to.

This Feature Is Part Of These Categories

Brute Force Protection

Brute Force Protection features prevent many different forms of attack on a site, including credential stuffing, Dictionary (Password) Attacks, Reverse Brute Force Attack, DoS attacks,

View Category


Features here are stand-alone security components designed to lockdown your WordPress and reduce your surface area for attack.

View Category


All features included with ShieldFREE WordPress plugin

View Category
Click to access the login or register cheese