WordPress plugin to remove all XML-RPC methods from the API.

Installs: 66

Dependents: 1

Suggesters: 0

Security: 0

Type:wordpress-plugin 2021-10-02 13:21 UTC

This package is auto-updated.

Last update: 2023-03-01 00:54:54 UTC


WordPress plugin to remove all WordPress related XML-RPC methods from the API.

The plugin is an alternative to just using the xmlrpc_enabled hook, because that is only used "To disable XML-RPC methods that require authentication".

Activating this plugin will disable pingbacks and trackbacks, because these rely on XML-RPC.

Testing the plugin

From the command line you can test if the plugin is working correctly using cURL:

curl -d '<?xml version="1.0"?><methodCall><methodName>system.listMethods</methodName><params><param><value><string/></value></param></params></methodCall>' https://<your domain>/xmlrpc.php

This should only return system methods.

If the request returns methods starting with wp. the plugin is not active.


Walter Ebert