XML-RPC is a remote procedure call protocol that allows anyone to interact with your WordPress website remotely. In other words, it’s a way to manage your site without having to log in manually via the standard “wp-login.php” page. It’s widely used by plugins, most famously by Automattic’s own Jetpack plugin. These days, however, the word “XML-RPC” has gotten a bad name. In this tutorial, we will explain what is WordPress XML-RPC and how to stop an XML-RPC attack on your WordPress website.