xmlrpc.php file necessary? Getting hacked – can I remove the file?

Can I remove the file?

Yes. You can safely delete it. But – assuming your are using the latest version of WordPress, and you should – you don’t really need to. As of 2.6 you can deactivate XML-RPC from within your Dashboard. Settings -> Writing and scroll down to Remote Publishing where you will see a checkbox to activate/deactivate remote publishing. (Enable the WordPress, Movable Type, MetaWeblog and Blogger XML-RPC publishing protocols.)

If you’re constantly getting hacked make sure you’re using the latest version of WP. Have you checked your plugins? Perhaps you’re using an outdated/vulnerable one? You may want to read Hardening WordPress.

https://www.ads-software.com/support/topic/190423?replies=1

you wrote:

I already have /wp-db-backup plugin installed but want to backup images and other files just in case of HDD failure or system hacks.

https://www.ads-software.com/support/topic/200372?replies=8

https://www.ads-software.com/support/topic/187723?replies=5

you wrote, in reply to someone else being hacked:

I’m having the same problem.

The above thread is 2 months old – You were never un-hacked properly.