wee / wee-remove-xmlrpc-methods
WordPress plugin to remove all XML-RPC methods from the API.
1.4.0.3
2021-10-02 13:21 UTC
Requires
- php: ^5.4 || ^7.0 || ^8.0
Requires (Dev)
- composer/installers: ~1.8
- dealerdirect/phpcodesniffer-composer-installer: ^0.7.1
- phpcompatibility/php-compatibility: ^9.3.5
- squizlabs/php_codesniffer: ^3.3.1
- wp-coding-standards/wpcs: ^2.2.1
README
WordPress plugin to remove all WordPress related XML-RPC methods from the API.
The plugin is an alternative to just using the xmlrpc_enabled hook, because that is only used "To disable XML-RPC methods that require authentication".
Activating this plugin will disable pingbacks and trackbacks, because these rely on XML-RPC.
Testing the plugin
From the command line you can test if the plugin is working correctly using cURL:
curl -d '<?xml version="1.0"?><methodCall><methodName>system.listMethods</methodName><params><param><value><string/></value></param></params></methodCall>' https://<your domain>/xmlrpc.php
This should only return system
methods.
If the request returns methods starting with wp.
the plugin is not active.