{"id":121603,"date":"2020-05-19T12:36:15","date_gmt":"2020-05-19T12:36:15","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/simple-xml-rpc-pingback-disabler\/"},"modified":"2021-05-15T07:26:02","modified_gmt":"2021-05-15T07:26:02","slug":"simple-xml-rpc-pingback-disabler","status":"publish","type":"plugin","link":"https:\/\/pcd.wordpress.org\/plugins\/simple-xml-rpc-pingback-disabler\/","author":17994981,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"1.1.0","stable_tag":"1.1.0","tested":"5.7.15","requires":"4.8","requires_php":"5.6","requires_plugins":"","header_name":"Simple XML-RPC Pingback Disabler","header_author":"Vikash Chand","header_description":"This plugin simply disables only the XML-RPC API Pingback Methods used by hackers on a WordPress site, providing an easy and simple way to disable\/enable XML-RPC API Pingback Methods without completely disabling the XML-RPC API, which is used by some plugins and applications (i.e. mobile apps or a few Jetpack modules).","assets_banners_color":"ccced0","last_updated":"2021-05-15 07:26:02","external_support_url":"","external_repository_url":"","donate_link":"http:\/\/vikash.ch\/","header_plugin_uri":"https:\/\/wordpress.org\/plugins\/simple-xml-rpc-pingback-disabler","header_author_uri":"http:\/\/vikash.ch","rating":0,"author_block_rating":0,"active_installs":10,"downloads":1102,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.0":{"tag":"1.0.0","author":"vikichand","date":"2020-05-19 12:35:55"},"1.1.0":{"tag":"1.1.0","author":"vikichand","date":"2021-05-15 07:26:02"}},"upgrade_notice":{"1.1.0":"<ul>\n<li>Tested ready for WordPress 5.7.0+<\/li>\n<\/ul>"},"ratings":[],"assets_icons":{"icon-128x128.jpg":{"filename":"icon-128x128.jpg","revision":2532098,"resolution":"128x128","location":"assets","locale":""},"icon-256x256.jpg":{"filename":"icon-256x256.jpg","revision":2307965,"resolution":"256x256","location":"assets","locale":""}},"assets_banners":{"banner-772x250.jpg":{"filename":"banner-772x250.jpg","revision":2307965,"resolution":"772x250","location":"assets","locale":""}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.0","1.1.0"],"block_files":[],"assets_screenshots":[],"screenshots":{"1":"Simple XML-RPC Disabler"},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[13866,22966,748,6558,14731],"plugin_category":[],"plugin_contributors":[185703],"plugin_business_model":[],"class_list":["post-121603","plugin","type-plugin","status-publish","hentry","plugin_tags-ddos","plugin_tags-rpc","plugin_tags-xml","plugin_tags-xml-rpc","plugin_tags-xmlrpc","plugin_contributors-vikichand","plugin_committers-vikichand"],"banners":{"banner":"https:\/\/ps.w.org\/simple-xml-rpc-pingback-disabler\/assets\/banner-772x250.jpg?rev=2307965","banner_2x":false,"banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/simple-xml-rpc-pingback-disabler\/assets\/icon-128x128.jpg?rev=2532098","icon_2x":"https:\/\/ps.w.org\/simple-xml-rpc-pingback-disabler\/assets\/icon-256x256.jpg?rev=2307965","generated":false},"screenshots":[],"raw_content":"<!--section=description-->\n<h4>What Is xmlrpc.php?<\/h4>\n\n<p><a href=\"http:\/\/www.xmlrpc.com\/\">XML-RPC<\/a> is a remote procedure call (RPC) protocol, a feature included in WordPress, which enables data to be transmitted. It uses HTTP as the transport mechanism, and XML to encode its calls.<\/p>\n\n<p>Unless you use remote technologies and mobile applications to update your WordPress site, you might not be familiar with XML-RPC. For the uninitiated, you can use xmlrpc.php to establish a remote connection to WordPress, and make updates to your site without directly logging in to your WordPress system.<\/p>\n\n<p>XML-RPC is indeed useful for enabling remote connections between various external applications and WordPress. On the other hand, disabling this feature can help improve your site\u2019s security.<\/p>\n\n<h4>Why You Should Disable xmlrpc.php?<\/h4>\n\n<p>The problem is that xmlrpc.php poses a security risk. It creates an additional access point to your site, which could leave it vulnerable to external attacks. Every time you authenticate XML-RPC, you need to supply your username and password. As you can imagine, this isn\u2019t exactly ideal for security purposes.<\/p>\n\n<p>For example, in order to prevent brute force attacks, you can limit login attempts on your WordPress site. However, with XML-RPC enabled, that limit does not exist. There\u2019s no capping on login attempts, which means it\u2019s only a matter of time before a determined cybercriminal gains access.<\/p>\n\n<p>By disabling the feature, you are closing a potential area of entry for hackers.<\/p>\n\n<p>XML-RPC functionality is turned on by default since WordPress 3.5. This plugin simply disables only the XML-RPC API Pingback Methods used by hackers on a WordPress site, providing an easy and simple way to disable\/enable XML-RPC API Pingback Methods without completely disabling the XML-RPC API, which is used by some plugins and applications (i.e. mobile apps or a few Jetpack modules).<\/p>\n\n<h4>Features<\/h4>\n\n<p>Removes the following methods from the XML-RPC API interface.<\/p>\n\n<ul>\n<li>pingback.ping<\/li>\n<li>pingback.extensions.getPingbacks<\/li>\n<li>X-Pingback from HTTP headers<\/li>\n<\/ul>\n\n<h4>Requirements<\/h4>\n\n<ul>\n<li>WordPress 3.8.1 or higher.<\/li>\n<\/ul>\n\n<!--section=installation-->\n<ol>\n<li>Upload the simple-xml-rpc-disabler directory to the <code>\/wp-content\/plugins\/<\/code> directory in your WordPress installation<\/li>\n<li>Activate the plugin through the 'Plugins' menu in WordPress<\/li>\n<li>XML-RPC Pingback Methods are now disabled!<\/li>\n<\/ol>\n\n<p>To re-enable XML-RPC, just deactivate the plugin through the 'Plugins' menu in WordPress.<\/p>\n\n<!--section=faq-->\n<dl>\n<dt id='why%20this%20plugin%3F'><h3>Why this plugin?<\/h3><\/dt>\n<dd><p>This plugin disables <strong>only<\/strong> the XML-RPC API <strong>Pingback Methods<\/strong> that can be used by hackers on a WordPress site, providing an easy and simple way to disable\/enable XML-RPC API Pingback Methods without completely disabling the XML-RPC API, which is used by some plugins and applications (i.e. mobile apps or a few Jetpack modules).<\/p><\/dd>\n<dt id='how%20to%20know%20if%20the%20plugin%20is%20working%3F'><h3>How to know if the plugin is working?<\/h3><\/dt>\n<dd><p>You can try the <a href=\"http:\/\/xmlrpc.eritreo.it\/\">XML-RPC Validator<\/a>, written by Danilo Ercoli. Keep in mind that you want the validator to fail and tell you that XML-RPC services are disabled.<\/p><\/dd>\n<dt id='plugin%20seems%20broken%20...'><h3>Plugin seems broken ...<\/h3><\/dt>\n<dd><p>If the plugin is activated, but XML-RPC appears to still be enabled or if the plugin is deactivated, but XML-RPC appears to still be disabled, then it's possible that another plugin or the theme functions is affecting the xmlrpc_enabled filter. Additionally, server configurations could be blocking XML-RPC (i.e. blocking access to xmlrpc.php with the .htaccess file).<\/p>\n\n<pre><code>&lt;Files xmlrpc.php&gt;\nOrder allow,deny\nDeny from all\nAllow from 123.123.123.123\n&lt;\/Files&gt;\n<\/code><\/pre><\/dd>\n<dt id='will%20disabling%20xml-rpc%20affect%20seo%3F'><h3>Will disabling XML-RPC affect SEO?<\/h3><\/dt>\n<dd><p>The XML-RPC API or xmlrpc.php for WordPress, has nothing to do with SEO.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial release<\/li>\n<\/ul>\n\n<h4>1.1.0<\/h4>\n\n<ul>\n<li>Tested ready for WordPress 5.7.0+<\/li>\n<\/ul>","raw_excerpt":"This plugin simply disables only the XML-RPC API Pingback Methods used by hackers on a WordPress site, providing an easy and simple way to disable\/ena &hellip;","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/121603","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=121603"}],"author":[{"embeddable":true,"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/vikichand"}],"wp:attachment":[{"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=121603"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=121603"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=121603"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=121603"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=121603"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=121603"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}