I know this plugin is no longer updated, but I’m noting this in case anyone has any similar problem: When used with WordPress 5.6, you get an infinite loop that causes WordPress to run out of memory:

/wp-content/plugins/manage-xml-rpc/manage-xml-rpc.php has add_filter('mod_rewrite_rules', 'mxr_htaccess_contents');

Then "function mxr_htaccess_contents( $rules )" calls "$wp_rewrite->flush_rules( false );"

That calls "public function mod_rewrite_rules" in /wp-includes/class-wp-rewrite.php, which in turn calls
$rules = apply_filters( 'mod_rewrite_rules', $rules );

... which calls "function mxr_htaccess_contents" again in the plugin and so on in an infinite loop.

The plugin should not be used with WordPress 5.6.

Either I am missing something obvious or this plugin is not working at all, i.e. it is not blocking anything.

1. I go to my site, to verify XML-RPC (https://example.com/xmlrpc.php) and I see: “XML-RPC server accepts POST requests only”.

2. I go to my site’s configuration, to “XML-RPC Settings” and CHECK “Disable XML-RPC: Only check this if you want to block/disable all XML-RPC request”.

3. I go back to my site, to verify XML-RPC again and I again see “XML-RPC server accepts POST requests only”.

So, no change.

Unfortunately, the directives “Order”, “Allow” and “Deny” are no longer available on Apache 2.4 servers unless the module mod_access_compat is installed resp. activated manually. In order to have your plugin run on all kinds of Apache servers, you will probably have to change the code that is automatically inserted into the .htaccess file as follows:

# Apache 2.2
<IfModule !mod_authz_core.c>
    Order Deny, Allow
    Deny from all
</IfModule>

# Apache 2.4
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>

Also, you will have to provide some additional PHP statements for allowed IPs: "Require ip ".$ip. "\n";
as well as for disallowed ones:
"Require not ip ".$ip. "\n";

Hope this helps
– Hanno

So I’ve tried this plugin and had high hopes about it, but it doesn’t seem to work. The code in the source stays:

<link rel=”pingback” href=”https://www.internationalspo.org/xmlrpc.php”&gt;

I have checked both options, but this code stays in the code of the page. Any way to remove it?

Is it possible to use IP ranges in this plugin? I want to allow 192.0. so that I can use Jetpack, but nothing else allowed for XMLRPC. Thanks in advance.

If you add an allowed IP address it wipes out denied IP addresses. Is this a bug or is this by design?