Plugin Directory

Test out the new Plugin Directory and let us know what you think.
!This plugin hasn’t been updated in over 2 years. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.

Prevent XMLRPC

Totally disables XMLRPC, preventing the recent Pingback spam vulnerability.

There's a vulnerability in WordPress's XMLRPC implementation, that permits trackback spam - even when you disable trackbacks.

The only way to prevent this spam is to disable XMLRPC entirely. Some people have suggested renaming or deleting the xmlrpc.php file, but this is not a good idea, because it's altering core code and not trivial for novice users to undo.

This plugin completely disables WordPress's XMLRPC functions, and doesn't alter or rename any core files. You can enable XMLRPC again by simply disabling this plugin.

See http://www.acunetix.com/blog/web-security-zone/wordpress-pingback-vulnerability/ for detailed information about the vulnerability in WordPress's XMLRPC handler.

Requires: 3.0.1 or higher
Compatible up to: 3.5.2
Last Updated: 4 years ago
Active Installs: 2,000+


3.7 out of 5 stars


Got something to say? Need help?


Not enough data

0 people say it works.
0 people say it's broken.