Support » Plugin: Disable XML-RPC Pingback » Doesn't work

  • Doesn’t work on 4.2.4.

    For testing purposes i installed 2 plugins to compare :

    1. Disable XML-RPC Pingback from Samuel Aguilera
    2. Disable XML-RPC from Philipp Erb

    When 1 is activated, i am still able to post articles from 3 different applications.

    When 2 is activated, i get following message in all 3rd party applications :
    “XML-RPC services are disabled on this site”

    Samuel, instead of insulting people you should update you plugin.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Samuel Aguilera

    (@samuelaguilera)

    The plugin works perfectly. The plugin name says clearly that this plugin disables only the Pingback methods. And the description makes it more clear:

    Stops abuse of your site’s XML-RPC by simply removing some methods used by attackers. While you can use the rest of XML-RPC methods.

    This is more friendly than disabling totally XML-RPC, that it’s needed by some plugins and apps (I.e. Mobile apps or some Jetpack’s modules).

    Features
    Removes the following methods from XML-RPC interface.

    pingback.ping
    pingback.extensions.getPingbacks

    Also removes X-Pingback from HTTP headers. This will hopefully stops some bots from trying to hit your xmlrpc.php file.

    So if you can use a third-party app to post articles that’s expected with my plugin, that is not an issue because my plugin don’t touch the posting features. Disable XML-RPC from Philipp Erb is a totally different approach that disables XML-RPC interfacte completely, so you can’t compare both plugins.

    It’s clear that you don’t have read anything of the plugin description or even the name before installing it or create this totally wrong review.

    Thread Starter zoxee

    (@zoxee)

    Of course i read the description.

    Before 3.5 not only the pingbacks but the whole XML-RPC was considered
    a security whole by the WP devs themselves therefore it was COMPLETELY
    deactivated by default.

    If the pingbacks really were the only problem how come WP devs didn’t
    implement your plugin’f functionality inside of wordpress sincethen,
    so people are protected but are still able to use the communication functions ?

    Simple, because once you open XML-RPC partially, it is already a security risk,
    so they decided to leave it fully accessible and functional which isn’t right either,
    but i guess it’s to give people like you some work so they have their insignificant
    moment of glory. If they only did the job completely which you didn’t..

    Your plugin’s name begins with “Disable XML-RPC…” whichs what most non-techie
    people who just got aware of the risk will bother to read before they blindly download
    your plugin.

    This is misleading and you even admit it implicitely by writing :
    “This will HOPEFULLY stop some bots from trying to hit your xmlrpc.php file”

    The only way to close the security breach is to deactivate the sucker completely.
    Period. Have a nice day.

    Plugin Author Samuel Aguilera

    (@samuelaguilera)

    The purpose of the plugin is to disable the XML-RPC Pingback, and it does and works without any issue.

    It’s pretty clear that you’re giving a bad review based on your thoughts about the XML-RPC interface and not based on the plugin itself. This is not a place to write your opinion about the XML-RPC security risks. Your review is totally wrong and you know it.

    Plugin works as expected. Disables ping back. Nothing more.

    @zoxee Plugin works great. You, sir, do not!

    Check your brain for malware.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Doesn't work’ is closed to new replies.