WordPress plugin to remove all XML-RPC methods from the API.
WordPress plugin to remove all WordPress related XML-RPC methods from the API.
The plugin is an alternative to just using the xmlrpc_enabled hook, because that is only used "To disable XML-RPC methods that require authentication".
Activating this plugin will disable pingbacks and trackbacks, because these rely on XML-RPC.
Testing the plugin
From the command line you can test if the plugin is working correctly using cURL:
curl -d '<?xml version="1.0"?><methodCall><methodName>system.listMethods</methodName><params><param><value><string/></value></param></params></methodCall>' https://<your domain>/xmlrpc.php
This should only return
If the request returns methods starting with
wp. the plugin is not active.