This plugin hasn’t been updated in over 2 years. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.

Disable XML-RPC & Unset X-Pingback

Description

This plugin disables the XML-RPC API on a WordPress site running 3.5 or above and unsets the X-Pingback header.

Beginning in 3.5, XML-RPC is enabled by default. Additionally, the option to disable/enable XML-RPC was removed. For various reasons, site owners may wish to disable this functionality. This plugin provides an easy way to do so.

Installation

  1. Upload the disable-xml-rpc directory to the /wp-content/plugins/ directory in your WordPress installation
  2. Activate the plugin through the ‘Plugins’ menu in WordPress
  3. XML-RPC is now disabled!

To re-enable XML-RPC, just deactivate the plugin through the ‘Plugins’ menu.

FAQ

Is there an admin interface for this plugin?

No. This plugin is as simple as XML-RPC is off (plugin activated) or XML-RPC is on (plugin is deactivated).

How do I know if the plugin is working?

There are two easy methods for checking if XML-RPC is off. First, try using an XML-RPC client, like the official WordPress mobile apps. Or you can try the XML-RPC Validator, written by Danilo Ercoli of the Automattic Mobile Team – the tool is available at http://xmlrpc.eritreo.it/ with a blog post about it at http://daniloercoli.com/2012/05/15/wordpress-xml-rpc-endpoint-validator/. If you host provides a caching service, make sure to clear your cache before you check with any of the validators.

Reviews

Works perfect

Completely disables the XML-RPC endpoint and also removes the “X-Pingback” header. No configuration needed. Just install and activate.

Read all 1 review

Contributors & Developers

“Disable XML-RPC & Unset X-Pingback” is open source software. The following people have contributed to this plugin.

Contributors

Changelog

1.0

  • Initial release