WordPress Issue

XML-RPC reachable

The default XML-RPC endpoint is publicly reachable on the scanned WordPress site.

Quick win: Disable XML-RPC if no publishing workflow or integration needs it.

Run free scan Create account View Pro pricing All issue guides

Plan coverage for this workflow

Free includes SEO checks, crawl health, and WordPress security posture visibility. Pro unlocks full WordPress vulnerability intelligence, weekly vulnerability monitoring, and project-level security history.

Run free scan Compare Free vs Pro

Why it matters

XML-RPC is sometimes needed for integrations, but open access can increase abuse surface when not required.

How to fix

Disable XML-RPC if no publishing workflow or integration needs it.
If needed, restrict access with IP rules and rate limits.
Monitor authentication failures and keep plugins updated.

Related issue guides

wp-login reachable

Next step: run a fresh scan for current issue counts, then triage fixes in order. You can also browse by category in SEO checks and WordPress checks.