This plugin hasn’t been tested with the latest three major releases of WordPress. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.

Disable XML-RPC & Unset X-Pingback

Description

This plugin disables the XML-RPC API on a WordPress site running 3.5 or above and unsets the X-Pingback header.

Beginning in 3.5, XML-RPC is enabled by default. Additionally, the option to disable/enable XML-RPC was removed. For various reasons, site owners may wish to disable this functionality. This plugin provides an easy way to do so.

Installation

  1. Upload the disable-xml-rpc directory to the /wp-content/plugins/ directory in your WordPress installation
  2. Activate the plugin through the ‘Plugins’ menu in WordPress
  3. XML-RPC is now disabled!

To re-enable XML-RPC, just deactivate the plugin through the ‘Plugins’ menu.

FAQ

Is there an admin interface for this plugin?

No. This plugin is as simple as XML-RPC is off (plugin activated) or XML-RPC is on (plugin is deactivated).

How do I know if the plugin is working?

There are two easy methods for checking if XML-RPC is off. First, try using an XML-RPC client, like the official WordPress mobile apps. Or you can try the XML-RPC Validator, written by Danilo Ercoli of the Automattic Mobile Team – the tool is available at http://xmlrpc.eritreo.it/ with a blog post about it at http://daniloercoli.com/2012/05/15/wordpress-xml-rpc-endpoint-validator/. If you host provides a caching service, make sure to clear your cache before you check with any of the validators.

Reviews

3 September 2016
Completely disables the XML-RPC endpoint and also removes the “X-Pingback” header. No configuration needed. Just install and activate.
Read all 1 review

Contributors and Developers

“Disable XML-RPC & Unset X-Pingback” is open source software. The following people have contributed to this plugin.

Contributors

Change Log

1.0

  • Initial release