diff --git a/bitnami/wordpress-nginx/6/debian-11/rootfs/opt/bitnami/scripts/libwordpress.sh b/bitnami/wordpress-nginx/6/debian-11/rootfs/opt/bitnami/scripts/libwordpress.sh
index 3db0be8c1dc2..370bdf81ee32 100644
--- a/bitnami/wordpress-nginx/6/debian-11/rootfs/opt/bitnami/scripts/libwordpress.sh
+++ b/bitnami/wordpress-nginx/6/debian-11/rootfs/opt/bitnami/scripts/libwordpress.sh
@@ -92,6 +92,7 @@ wordpress_validate() {
check_yes_no_value "WORDPRESS_SKIP_BOOTSTRAP"
check_multi_value "WORDPRESS_AUTO_UPDATE_LEVEL" "major minor none"
check_yes_no_value "WORDPRESS_ENABLE_REVERSE_PROXY"
+ check_yes_no_value "WORDPRESS_ENABLE_XML_RPC"
# Multisite validations
check_yes_no_value "WORDPRESS_ENABLE_MULTISITE"
@@ -726,6 +727,12 @@ wordpress_generate_web_server_configuration() {
error "Unknown WordPress Multisite network mode"
return 1
fi
+
+ if ! is_boolean_yes "$WORDPRESS_ENABLE_XML_RPC"; then
+ apache_config+=$'\n'"$(render-template "${template_dir}/apache-wordpress-disable-xml-rpc.tpl")"
+ nginx_config+=$'\n'"$(render-template "${template_dir}/nginx-wordpress-disable-xml-rpc.tpl")"
+ fi
+
web_server_config_create_flags+=("--apache-extra-directory-configuration" "$apache_config" "--nginx-additional-configuration" "$nginx_config")
[[ -n "$nginx_external_config" ]] && web_server_config_create_flags+=("--nginx-external-configuration" "$nginx_external_config")
ensure_web_server_app_configuration_exists "wordpress" --type "php" "${web_server_config_create_flags[@]}"
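Review bot: The XML-RPC block added at lines 17-20 only reaches the vhost when `ensure_web_server_app_configuration_exists` on line 24 actually writes a configuration, so if that helper keeps an already-present configuration (which its name suggests, and which would match the neighbouring `WORDPRESS_ENABLE_REVERSE_PROXY` being marked first-initialization-only in wordpress-env.sh), flipping `WORDPRESS_ENABLE_XML_RPC` on a persisted deployment will neither disable nor re-enable the endpoint. That limitation should be stated on the new export in the wordpress-env.sh hunk (line 41), e.g. `export WORDPRESS_ENABLE_XML_RPC="${WORDPRESS_ENABLE_XML_RPC:-no}" # only used during the first initialization`, and the README entry could carry the same caveat. The identical hunks in bitnami/wordpress (lines 92-104 and 117-123) have the same gap. wordpress_generate_web_server_configuration starts outside the hunk.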
diff --git a/bitnami/wordpress-nginx/6/debian-11/rootfs/opt/bitnami/scripts/wordpress-env.sh b/bitnami/wordpress-nginx/6/debian-11/rootfs/opt/bitnami/scripts/wordpress-env.sh
index 9126f28812cf..ae52d2dee5fb 100644
--- a/bitnami/wordpress-nginx/6/debian-11/rootfs/opt/bitnami/scripts/wordpress-env.sh
+++ b/bitnami/wordpress-nginx/6/debian-11/rootfs/opt/bitnami/scripts/wordpress-env.sh
@@ -47,6 +47,7 @@ wordpress_env_vars=(
WORDPRESS_LOGGED_IN_SALT
WORDPRESS_NONCE_SALT
WORDPRESS_ENABLE_REVERSE_PROXY
+ WORDPRESS_ENABLE_XML_RPC
WORDPRESS_USERNAME
WORDPRESS_PASSWORD
WORDPRESS_EMAIL
@@ -144,6 +145,7 @@ export WORDPRESS_SECURE_AUTH_SALT="${WORDPRESS_SECURE_AUTH_SALT:-}"
export WORDPRESS_LOGGED_IN_SALT="${WORDPRESS_LOGGED_IN_SALT:-}"
export WORDPRESS_NONCE_SALT="${WORDPRESS_NONCE_SALT:-}"
export WORDPRESS_ENABLE_REVERSE_PROXY="${WORDPRESS_ENABLE_REVERSE_PROXY:-no}" # only used during the first initialization
+export WORDPRESS_ENABLE_XML_RPC="${WORDPRESS_ENABLE_XML_RPC:-no}"
# WordPress credentials
export WORDPRESS_USERNAME="${WORDPRESS_USERNAME:-user}" # only used during the first initialization
diff --git a/bitnami/wordpress-nginx/6/debian-11/rootfs/opt/bitnami/scripts/wordpress/bitnami-templates/apache-wordpress-disable-xml-rpc.tpl b/bitnami/wordpress-nginx/6/debian-11/rootfs/opt/bitnami/scripts/wordpress/bitnami-templates/apache-wordpress-disable-xml-rpc.tpl
new file mode 100644
index 000000000000..e74f36415dcb
--- /dev/null
+++ b/bitnami/wordpress-nginx/6/debian-11/rootfs/opt/bitnami/scripts/wordpress/bitnami-templates/apache-wordpress-disable-xml-rpc.tpl
@@ -0,0 +1,8 @@
+# BEGIN Disable WordPress XML-RPC endpoint
+# Disable the outdated WordPress XML-RPC endpoint to prevent security vulnerabilities.
+# https://github.com/bitnami/containers/pull/51077
+
+Order Allow,Deny
+Deny from all
+
+# END Disable WordPress XML-RPC endpoint
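Review bot: As rendered here the `Order Allow,Deny` / `Deny from all` pair on lines 54-55 is not scoped to `xmlrpc.php`; the empty added lines 53 and 56 may be a `<Files xmlrpc.php>` … `</Files>` container whose angle-bracketed text was dropped by the page rendering, but if the committed template really has no container, the deny applies to every path in the directory this extra configuration is appended to and would block the whole site. Please confirm against the committed file. Independently, `Order` and `Deny from` are mod_access_compat directives on Apache 2.4; the native form `<Files xmlrpc.php>` / `  Require all denied` / `</Files>` does not depend on that compatibility module being loaded. The copy at lines 129-137 is identical.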
diff --git a/bitnami/wordpress-nginx/6/debian-11/rootfs/opt/bitnami/scripts/wordpress/bitnami-templates/nginx-wordpress-disable-xml-rpc.tpl b/bitnami/wordpress-nginx/6/debian-11/rootfs/opt/bitnami/scripts/wordpress/bitnami-templates/nginx-wordpress-disable-xml-rpc.tpl
new file mode 100644
index 000000000000..134489d2f4ff
--- /dev/null
+++ b/bitnami/wordpress-nginx/6/debian-11/rootfs/opt/bitnami/scripts/wordpress/bitnami-templates/nginx-wordpress-disable-xml-rpc.tpl
@@ -0,0 +1,7 @@
+# BEGIN Disable WordPress XML-RPC endpoint
+# Disable the outdated WordPress XML-RPC endpoint to prevent security vulnerabilities.
+# https://github.com/bitnami/containers/pull/51077
+location = /xmlrpc.php {
+ deny all;
+}
+# END Disable WordPress XML-RPC endpoint
diff --git a/bitnami/wordpress-nginx/README.md b/bitnami/wordpress-nginx/README.md
index 401c04f5028a..2c6a8b679699 100644
--- a/bitnami/wordpress-nginx/README.md
+++ b/bitnami/wordpress-nginx/README.md
@@ -240,6 +240,7 @@ Available environment variables:
- `WORDPRESS_SKIP_BOOTSTRAP`: Skip the WordPress installation wizard. This is necessary when providing a database with existing WordPress data. Default: **no**
- `WORDPRESS_AUTO_UPDATE_LEVEL`: Level of auto-updates to allow for the WordPress core installation. Valid values: `major`, `minor`, `none`. Default: **none**
- `WORDPRESS_ENABLE_REVERSE_PROXY`: Enable WordPress support for reverse proxy headers. Default: **no**
+- `WORDPRESS_ENABLE_XML_RPC`: Enable the WordPress XML-RPC endpoint. Default: **no**
#### Multisite configuration
diff --git a/bitnami/wordpress/6/debian-11/rootfs/opt/bitnami/scripts/libwordpress.sh b/bitnami/wordpress/6/debian-11/rootfs/opt/bitnami/scripts/libwordpress.sh
index 3db0be8c1dc2..370bdf81ee32 100644
--- a/bitnami/wordpress/6/debian-11/rootfs/opt/bitnami/scripts/libwordpress.sh
+++ b/bitnami/wordpress/6/debian-11/rootfs/opt/bitnami/scripts/libwordpress.sh
@@ -92,6 +92,7 @@ wordpress_validate() {
check_yes_no_value "WORDPRESS_SKIP_BOOTSTRAP"
check_multi_value "WORDPRESS_AUTO_UPDATE_LEVEL" "major minor none"
check_yes_no_value "WORDPRESS_ENABLE_REVERSE_PROXY"
+ check_yes_no_value "WORDPRESS_ENABLE_XML_RPC"
# Multisite validations
check_yes_no_value "WORDPRESS_ENABLE_MULTISITE"
@@ -726,6 +727,12 @@ wordpress_generate_web_server_configuration() {
error "Unknown WordPress Multisite network mode"
return 1
fi
+
+ if ! is_boolean_yes "$WORDPRESS_ENABLE_XML_RPC"; then
+ apache_config+=$'\n'"$(render-template "${template_dir}/apache-wordpress-disable-xml-rpc.tpl")"
+ nginx_config+=$'\n'"$(render-template "${template_dir}/nginx-wordpress-disable-xml-rpc.tpl")"
+ fi
+
web_server_config_create_flags+=("--apache-extra-directory-configuration" "$apache_config" "--nginx-additional-configuration" "$nginx_config")
[[ -n "$nginx_external_config" ]] && web_server_config_create_flags+=("--nginx-external-configuration" "$nginx_external_config")
ensure_web_server_app_configuration_exists "wordpress" --type "php" "${web_server_config_create_flags[@]}"
diff --git a/bitnami/wordpress/6/debian-11/rootfs/opt/bitnami/scripts/wordpress-env.sh b/bitnami/wordpress/6/debian-11/rootfs/opt/bitnami/scripts/wordpress-env.sh
index 9126f28812cf..ae52d2dee5fb 100644
--- a/bitnami/wordpress/6/debian-11/rootfs/opt/bitnami/scripts/wordpress-env.sh
+++ b/bitnami/wordpress/6/debian-11/rootfs/opt/bitnami/scripts/wordpress-env.sh
@@ -47,6 +47,7 @@ wordpress_env_vars=(
WORDPRESS_LOGGED_IN_SALT
WORDPRESS_NONCE_SALT
WORDPRESS_ENABLE_REVERSE_PROXY
+ WORDPRESS_ENABLE_XML_RPC
WORDPRESS_USERNAME
WORDPRESS_PASSWORD
WORDPRESS_EMAIL
@@ -144,6 +145,7 @@ export WORDPRESS_SECURE_AUTH_SALT="${WORDPRESS_SECURE_AUTH_SALT:-}"
export WORDPRESS_LOGGED_IN_SALT="${WORDPRESS_LOGGED_IN_SALT:-}"
export WORDPRESS_NONCE_SALT="${WORDPRESS_NONCE_SALT:-}"
export WORDPRESS_ENABLE_REVERSE_PROXY="${WORDPRESS_ENABLE_REVERSE_PROXY:-no}" # only used during the first initialization
+export WORDPRESS_ENABLE_XML_RPC="${WORDPRESS_ENABLE_XML_RPC:-no}"
# WordPress credentials
export WORDPRESS_USERNAME="${WORDPRESS_USERNAME:-user}" # only used during the first initialization
diff --git a/bitnami/wordpress/6/debian-11/rootfs/opt/bitnami/scripts/wordpress/bitnami-templates/apache-wordpress-disable-xml-rpc.tpl b/bitnami/wordpress/6/debian-11/rootfs/opt/bitnami/scripts/wordpress/bitnami-templates/apache-wordpress-disable-xml-rpc.tpl
new file mode 100644
index 000000000000..e74f36415dcb
--- /dev/null
+++ b/bitnami/wordpress/6/debian-11/rootfs/opt/bitnami/scripts/wordpress/bitnami-templates/apache-wordpress-disable-xml-rpc.tpl
@@ -0,0 +1,8 @@
+# BEGIN Disable WordPress XML-RPC endpoint
+# Disable the outdated WordPress XML-RPC endpoint to prevent security vulnerabilities.
+# https://github.com/bitnami/containers/pull/51077
+
+Order Allow,Deny
+Deny from all
+
+# END Disable WordPress XML-RPC endpoint
diff --git a/bitnami/wordpress/6/debian-11/rootfs/opt/bitnami/scripts/wordpress/bitnami-templates/nginx-wordpress-disable-xml-rpc.tpl b/bitnami/wordpress/6/debian-11/rootfs/opt/bitnami/scripts/wordpress/bitnami-templates/nginx-wordpress-disable-xml-rpc.tpl
new file mode 100644
index 000000000000..134489d2f4ff
--- /dev/null
+++ b/bitnami/wordpress/6/debian-11/rootfs/opt/bitnami/scripts/wordpress/bitnami-templates/nginx-wordpress-disable-xml-rpc.tpl
@@ -0,0 +1,7 @@
+# BEGIN Disable WordPress XML-RPC endpoint
+# Disable the outdated WordPress XML-RPC endpoint to prevent security vulnerabilities.
+# https://github.com/bitnami/containers/pull/51077
+location = /xmlrpc.php {
+ deny all;
+}
+# END Disable WordPress XML-RPC endpoint
diff --git a/bitnami/wordpress/README.md b/bitnami/wordpress/README.md
index 095176a1c09f..6484998b6ac4 100644
--- a/bitnami/wordpress/README.md
+++ b/bitnami/wordpress/README.md
@@ -246,6 +246,7 @@ Available environment variables:
- `WORDPRESS_SKIP_BOOTSTRAP`: Skip the WordPress installation wizard. This is necessary when providing a database with existing WordPress data. Default: **no**
- `WORDPRESS_AUTO_UPDATE_LEVEL`: Level of auto-updates to allow for the WordPress core installation. Valid values: `major`, `minor`, `none`. Default: **none**
- `WORDPRESS_ENABLE_REVERSE_PROXY`: Enable WordPress support for reverse proxy headers. Default: **no**
+- `WORDPRESS_ENABLE_XML_RPC`: Enable the WordPress XML-RPC endpoint. Default: **no**
#### Salt and keys configuration