Why do you block XML-RPC for all hosting clients?

LittleBizzy disables and blocks XML-RPC on all domains hosted in our network. We made this decision after consulting with DigitalOcean on several series of attacks happening against our clients and because of the fact that 99% of WordPress websites do not use (or need) the functionality of XML-RPC.

Firstly we install the free Disable XML-RPC plugin for WordPress. Secondly we block access to the /xmlrpc.php file using Nginx rules. Thirdly we encourage webmasters to uncheck the box that says “allow pingbacks/trackbacks” under Settings >> Discussion as this won’t work in our hosting network anyway (even with the Disable XML-RPC plugin deleted).

At this time we do not plan on allowing XML-RPC on any of our hosted domains now or in the future. If you have feedback however, we welcome it at anytime. Thanks!