wee/wee-remove-xmlrpc-methods

WordPress plugin to remove all XML-RPC methods from the API.

Maintainers

Details

gitlab.com/walterebert/wee-remove-xmlrpc-methods

Homepage

Source

Issues

Installs: 74

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Forks: 0

Type:wordpress-plugin

1.4.1.1 2024-11-25 08:38 UTC

Requires

  • php: ^5.4 || ^7.0 || ^8.0

Requires (Dev)

GPL-2.0-or-later 4031f814132edd76aa806e065519ecb19e31df13

This package is auto-updated.

Last update: 2025-04-25 09:15:55 UTC

README

WordPress plugin to remove all WordPress XML-RPC methods from the API to increase security.

This plugin does more than just using the xmlrpc_enabled hook, because that is only used “To disable XML-RPC methods that require authentication”.

Activating this plugin will also disable pingbacks, trackbacks, and Really Simple Discovery (RSD), because these rely on XML-RPC.

It works with any webserver, because it does not use the .htaccess file.

Testing the plugin

From the command line you can test if the plugin is working correctly using cURL. Replace the example.com link to match your website:

curl -d '<?xml version="1.0"?><methodCall><methodName>system.listMethods</methodName><params><param><value><string/></value></param></params></methodCall>' https://example.com/xmlrpc.php

This should only return the following methods:

  • system.multicall
  • system.listMethods
  • system.getCapabilities

Author

Walter Ebert

License

GPL-2.0-or-later