Hi,
Thank you for this but the question is …
With the latest version of WP, Is there still a need to continue using Disable XML-RPC?
Many Thanks for its use over the years ??
]]>Reports of this plugin’s death have been greatly exaggerated!
The truth is that this plugin is extremely simple – it’s one line of code, which uses the built-in WordPress filter (available since WordPress 3.5) to disable XML-RPC. That’s it! I created it as a simple way to toggle that setting – when the plugin is enabled, XML-RPC is disabled. When the plugin is disabled, XML-RPC is disabled.
As such, I haven’t always been great about updating the readme file to indicate the latest compatible version – which has been poor customer service on my part. But I assure you, it’s done its job since WordPress 3.5 and, as long as WordPress core doesn’t remove the filter, will continue to do so!
]]>Apologies, it appears this is a problem with a different plugin with a similar name.
]]>Hi
I’ve got a Wordfence alert.
File modified. This line has disappared:
delete_option(‘pand-‘ . md5(‘dsxmlrpc-notice’) );
Is it on purpose? Or…
Best
SA
Hi there, plugin still working well as I just checked on https://xmlrpc.eritreo.it/, but there was no update since 1 year. Only tested with 5.1.5! Will you keep on supporting and updating this plugin, so we can be sure it’s still compatible with latest WordPress? I am using it on several customer-sites and would love to do so further.
Greetings, Gunther
I have activated it and it doesn’t work for me
I have cleared the cache
https://prntscr.com/p31c4m
My website is being DDOS by xmlrpc method. Will your plugin stop it? I am using nginx on cPanel.
]]>Hi Phil
Are you still supporting/maintaining this plugin?
Its just it hasn’t been updated in a while and is in danger of being declared ‘Abandoned’.
Kind Regards
]]>Does this plugin work ok with dynamic IP addresses? Obviously it works well with static ones. But most domestic IP addresses are Dynamic and with Dynamic IP addresses are you still able to login to your site if your IP address is changed by your service provider whilst this plugin is installed? Many thanks
]]>Hi,
my blog is https://www.allinallnews.com/. Today My blog admin panel was trying to access via XMLRPC, but luckly I Installed wordfence. And today now I found your plugin to safe this, but tell me what is the disadvange of block XMLRPC?
Should I use your plugin or Block via .Htacess file
# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
allow from 123.123.123.123
</Files>
Does this plugin write anything to the database ?
In the event I have to UN-install the plugin due to incompatabilty, will it leave anything residual in the database that we will have to MANUALLY clean up ?
Or is the COMPLETE deletion from the WP site a clean one ?
]]>What exactly is ” XML-RPC ” used for ?
And what will DIS-abling it affect ?
Will it affect SEO or Click Ads ?
]]>Hi,
I just activated this plugin because I seem to be getting a lot of login attempts and I read that xmlprc is one way to hack a site.
But now on further reading I’ve discovered that JetPack uses xmlrpc to do what it does. I’ve been using JetPack ever since I started my site and would like to continue.
Do I need to disable this plugin to keep JetPack working?
Thanks for your help with this issue.
Cathy
]]>Prior to upgrading from 4.7.0, this plugin worked, however, immediately after upgrading WP core to 4.7.1, the link tag with the xmlrpc.php link re-appears, and can’t get it remove.
]]>I have your plugin installed and activated but I’m still seeing this message “XML-RPC server accepts POST requests only.” in the browser if I load xmlrpc.php in browser, instead of a ‘forbidden’ message. My understanding is that this means the plugin is not working.
]]>This plugin is great in that it helps prevent hackers from abusing this endpoint, though I’ve found that even if this filter is set the script still takes a considerable amount of CPU/memory to execute. So, during a bot attack it quickly debilitates the server. Adding die; directly into the first line of xmlrpc.php seems to be the best solution in this case. It would be great if somehow this plugin could completely stop the execution of xmlrpc.php in a similar way.
Hi All,
I installed this plugin to secure my website, but now I can’t get to my login page anymore.
I also use a hide wp admin plugin, which I installed months ago. So if I would like to go tom my login page it’s not the standard wp-admin.
Could I disable this plugin through FTP?
]]>Great plugin! Working well on regular sites.
Is it compatible with multisite? If so, do you recommend network activation or subdomain activation?
]]>What does this file /xmlrpc.php do?
I have 400 000 hits to this file in 10 days!!! What does this mean???
My site in not popular at all.
Can someone please explain? Will this plugin help my site because I have a lot of CPU power used on my hosting company and soon I will need to pay more for the hosting services ??
Great plugin. One thing that’s missing:
xmlrpc.php is still shown in response headers. This page discusses how to remove it:
https://www.deluxeblogtips.com/2013/08/disable-xml-rpc-wordpress.html
or basically:
add_filter( 'wp_headers', 'yourprefix_remove_x_pingback' );
function yourprefix_remove_x_pingback( $headers )
{
unset( $headers['X-Pingback'] );
return $headers;
}Thanks.
]]>It took me, my host and my theme developer an entire week to realize it’s the ‘Disable XML-RPC’ plugin that caused the image to not show up in the Edit Media page. What’s strange is when I initially did the usual deactivating/activating of every plugins, it didn’t surfaced as the problem. So we turned to other actions, like re-install wp4.1, theme and switched to Twenty Fifteen theme which all didn’t help correct the situation until last night. I remembered that’s the last plugin I installed, so was just trying my luck and boomed, everything show up.
I wonder anyone has the same issue, certainly hope to be able to activate it again.
]]>I can still access the file when this is on.
]]>The filter isn’t checked any more:
add_filter( 'xmlrpc_enabled', '__return_false' );
A better way of doing this would be to block the URL in .htaccess.
]]>Hi there,
I think it would make sense if disabling xml-rpc to also get rid of the ‘discovery links’ which may attract the hackers to try xml-rpc on your site.
remove_action(‘wp_head’, ‘rsd_link’);
remove_action(‘wp_head’, ‘wlwmanifest_link’);
See https://www.themelab.com/2010/07/11/remove-code-wordpress-header/
There is this plugin, but would be better to do it in one go since it is just a line or two of code.
https://www.planetmike.com/plugins/wlw-disabler/
I installed and activiated the “Disable XML-RPC” plug-in. How can I tell if it’s working? xmlrpc.php is still being executed.
]]>