diff --git a/src/nginxconfig/generators/conf/wordpress.conf.js b/src/nginxconfig/generators/conf/wordpress.conf.js
index 1c8e2b0..660f1fe 100644
--- a/src/nginxconfig/generators/conf/wordpress.conf.js
+++ b/src/nginxconfig/generators/conf/wordpress.conf.js
@@ -54,10 +54,17 @@ export default (global, domain) => {
 };
 config['# WordPress: deny general stuff'] = '';
- config['location ~* ^/(?:xmlrpc\\.php|wp-links-opml\\.php|wp-config\\.php|wp-config-sample\\.php|readme\\.html|license\\.txt)$'] = {
+ config['location ~* ^/(?:wp-links-opml\\.php|wp-config\\.php|wp-config-sample\\.php|readme\\.html|license\\.txt)$'] = {
 deny: 'all',
 };
+ if(global.security.wpDisableXmlrpc.computed){
+ config["# Wordpress: deny xmlrpc, required for mobile and desktop apps"] = ''
+ config['location ~* ^/(?:xmlrpc\\.php)$'] = {
+ deny:'all'
+ }
+ }
+
 if (global.security.limitReq.computed) {
 config['# WordPress: throttle wp-login.php'] = '';
 config['location = /wp-login.php'] = {
diff --git a/src/nginxconfig/templates/global_sections/security.vue b/src/nginxconfig/templates/global_sections/security.vue
index 694b222..3fda78b 100644
--- a/src/nginxconfig/templates/global_sections/security.vue
+++ b/src/nginxconfig/templates/global_sections/security.vue
@@ -121,6 +121,23 @@ THE SOFTWARE.
+
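Review bot: With the new toggle off, `/xmlrpc.php` is served with neither the deny nor a rate limit, while the `limitReq` block right below throttles only `/wp-login.php`; xmlrpc.php also accepts authenticated calls, so it is the same password-guessing surface. Consider emitting the same throttle for `location = /xmlrpc.php` when `wpDisableXmlrpc` is off and `limitReq` is on (the `limitReq` block runs past the end of the hunk, so its directives are not visible here). The generated comment is also ambiguous about what is "required"; `config['# WordPress: deny xmlrpc.php (breaks mobile and desktop apps that rely on XML-RPC)'] = '';` says it plainly and matches the `WordPress` spelling of the neighbouring comments.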
+
+ +
+
+
+
+
+ + {{ $t('common.enable') }} + +
+
+
+
+
+
@@ -191,6 +208,10 @@ THE SOFTWARE. default: false, enabled: true, }, + wpDisableXmlrpc:{ + default: true, + enabled: true, + }, limitReq: { default: false, enabled: true, diff --git a/src/nginxconfig/util/angular_backwards_compatibility.js b/src/nginxconfig/util/angular_backwards_compatibility.js index 117d6fd..3d5d625 100644 --- a/src/nginxconfig/util/angular_backwards_compatibility.js +++ b/src/nginxconfig/util/angular_backwards_compatibility.js @@ -39,6 +39,7 @@ const globalMap = { content_security_policy: ['security', 'contentSecurityPolicy'], server_tokens: ['security', 'serverTokens', oldBool], limit_req: ['security', 'limitReq', oldBool], + wp_disable_xmlrpc: ['security','wpDisableXmlrpc', oldBool], php_server: ['php', 'phpServer'], php_server_backup: ['php', 'phpBackupServer'],