Disable XML-RPC-API - Version 1.0.0

Release Info

Developer aminnz
Version 1.0.0

disable-xml-rpc-api/disable-xml-rpc-api.php ADDED
@@ -0,0 +1,57 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ /*
3
+ Plugin Name: Disable XML-RPC-API
4
+ Plugin URI: https://kafeweb.com/
5
+ Description: Simple plugin to disable XML-RPC API and X-Pingback in WordPress 3.5+ for faster and more secure website.
6
+ Version: 1.0.0
7
+ Tested up to: 5.5.3
8
+ Requires at least: 3.5
9
+ Author: Amin Nazemi
10
+ Author URI: https://kafeweb.com/
11
+ License: GPLv2
12
+ */
13
+
14
+ require_once(ABSPATH . 'wp-admin/includes/misc.php');
15
+ require_once(ABSPATH . 'wp-admin/includes/file.php');
16
+
17
+
18
+
19
+
20
+ $plugin = 'disable-xml-rpc-api/disable-xml-rpc-api.php';
21
+
22
+ add_filter('xmlrpc_enabled', '__return_false');
23
+
24
+ // Disable X-Pingback to header
25
+
26
+ add_filter( 'wp_headers', 'dsxmlrpc_x_pingback' );
27
+ add_filter('pings_open', '__return_false', PHP_INT_MAX);
28
+
29
+ function dsxmlrpc_x_pingback( $headers ) {
30
+ unset( $headers['X-Pingback'] );
31
+ return $headers;
32
+ }
33
+
34
+
35
+
36
+
37
+ // Disable access to xmlrpc.php entirely with .htaccess file
38
+
39
+ function dsxmlrpc_add_htaccess() {
40
+
41
+ $home_path = function_exists('get_home_path') ? get_home_path() : ABSPATH;
42
+ $filename = dirname(__FILE__) . '/dsxmlrpc-htaccess';
43
+ $htaccess_file = $home_path . '.htaccess';
44
+
45
+ insert_with_markers($htaccess_file, 'DS-XML-RPC-API', extract_from_markers($filename, 'DS-XML-RPC-API'));
46
+ }
47
+ add_action('admin_init', 'dsxmlrpc_add_htaccess', 1, 2 );
48
+
49
+
50
+
51
+ function dsxmlrpc_remove_htaccess() {
52
+ $home_path = function_exists('get_home_path') ? get_home_path() : ABSPATH;
53
+ $filename = dirname(__FILE__) . '/dsxmlrpc-htaccess';
54
+ $htaccess_file = $home_path . '.htaccess';
55
+ insert_with_markers($htaccess_file, 'DS-XML-RPC-API', '');
56
+ }
57
+ add_action( 'deactivated_plugin', 'dsxmlrpc_remove_htaccess', 2, 2 );
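Review bot: `dsxmlrpc_remove_htaccess()` is hooked to `deactivated_plugin` (file line 57) but never checks the plugin path that action passes in, so deactivating any other plugin also strips the DS-XML-RPC-API block from .htaccess; the `$plugin` variable set on line 20 looks intended for that comparison and is never used. Likewise `dsxmlrpc_add_htaccess()` runs on every `admin_init` (line 47) rather than once at activation, so .htaccess is touched on each admin request. Suggest `register_activation_hook( __FILE__, 'dsxmlrpc_add_htaccess' )` and `register_deactivation_hook( __FILE__, 'dsxmlrpc_remove_htaccess' )`, which scope both operations to this plugin and allow the two `require_once` lines for the wp-admin includes to move inside the functions instead of loading on front-end requests. The return value of `insert_with_markers()` is ignored in both functions, so a non-writable .htaccess fails silently while the readme tells users to expect a 403, and `$filename` in the remove function is unused.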
disable-xml-rpc-api/dsxmlrpc-htaccess ADDED
@@ -0,0 +1,9 @@
 
 
 
 
 
 
 
 
 
1
+ # BEGIN DS-XML-RPC-API
2
+ # Block WordPress xmlrpc.php requests
3
+
4
+ <Files xmlrpc.php>
5
+ order deny,allow
6
+ deny from all
7
+ </Files>
8
+
9
+ # END DS-XML-RPC-API
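Review bot: `order deny,allow` and `deny from all` inside `<Files xmlrpc.php>` are Apache 2.2 access directives; on Apache 2.4 they work only when mod_access_compat is loaded, and without it an unrecognised directive in .htaccess returns a 500 for the whole site, not just for xmlrpc.php. Suggest guarding by module: `Require all denied` inside `<IfModule mod_authz_core.c>`, with the existing two lines kept under `<IfModule !mod_authz_core.c>` for 2.2. A comment should also state that this file takes effect only on servers that honour .htaccess; elsewhere the protection is limited to the PHP filters in disable-xml-rpc-api.php.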
disable-xml-rpc-api/readme.txt ADDED
@@ -0,0 +1,59 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ === Disable XML-RPC-API ===
2
+
3
+ Plugin Name: Disable XML-RPC-API
4
+ Plugin URI: https://kafeweb.com/
5
+ Description: Simple plugin to disable XML-RPC API and X-Pingback in WordPress 3.5+ for faster and more secure website.
6
+ Tags: disable xml-rpc, disable xmlrpc,remove xmlrpc, XML-RPC, xmlrpc.php, XML-RPC API, stop brute force attacks
7
+ Version: 1.0.0
8
+ Tested up to: 5.5.3
9
+ Requires at least: 3.5
10
+ Author: Amin Nazemi
11
+ Author URI: https://kafeweb.com/
12
+ License: GPLv2
13
+
14
+ Simple plugin to disable XML-RPC API and X-Pingback in WordPress 3.5+ for faster and more secure website
15
+ == Description ==
16
+
17
+ Pretty simply, this plugin disables the XML-RPC API on a WordPress site running 3.5 or above.
18
+
19
+ **PLUGIN FEATURES**
20
+
21
+ * Disable access to xmlrpc.php file using .httacess file
22
+ * Disable X-pingback API to minimize CPU usage
23
+ * Remove and disable xmlrpc API entirely
24
+
25
+
26
+ Beginning in 3.5, XML-RPC is enabled by default. Additionally, the option to disable/enable XML-RPC was removed. For various reasons, site owners may wish to disable this functionality. This plugin provides an easy way to do so.
27
+
28
+ == Installation ==
29
+
30
+ 1. Upload the disable-xml-rpc directory to the `/wp-content/plugins/` directory in your WordPress installation
31
+ 2. Activate the plugin through the 'Plugins' menu in WordPress
32
+ 3. XML-RPC-API is now disabled!
33
+
34
+ To re-enable XML-RPC, just deactivate the plugin through the 'Plugins' menu.
35
+
36
+ == Frequently Asked Questions ==
37
+
38
+ = Is there an admin interface for this plugin? =
39
+
40
+ No. This plugin is as simple as XML-RPC is off (plugin activated) or XML-RPC is on (plugin is deactivated).
41
+
42
+ = How do I know if the plugin is working? =
43
+
44
+ There are three easy methods for checking if XML-RPC is off:
45
+ 1. Easiest way is going to this url: http://yourdomain/xmlrpc.php enter your domain name instead of 'yourdomain' if you see "Access forbidden!" or "403 error" it's working.
46
+ 2. First, try using an XML-RPC client, like the official WordPress mobile apps. The WordPress mobile app should tell you that "XML-RPC services are disabled on this site" if the plugin is activated.
47
+ 3. Or you can try the XML-RPC Validator, written by Danilo Ercoli of the Automattic Mobile Team - the tool is available at [http://xmlrpc.eritreo.it/](http://xmlrpc.eritreo.it/) with a blog post about it at [http://daniloercoli.com/2012/05/15/wordpress-xml-rpc-endpoint-validator/](http://daniloercoli.com/2012/05/15/wordpress-xml-rpc-endpoint-validator/). Keep in mind that you want the validator to fail and tell you that XML-RPC services are disabled.
48
+
49
+ = Something doesn't seem to be working correctly =
50
+
51
+ If the plugin is activated, but XML-RPC appears to still be working ... OR ... the plugin is deactivated, but XML-RPC is not working, then it's possible that another plugin or theme function is affecting the xmlrpc_enabled filter.
52
+
53
+ == Screenshots ==
54
+
55
+ == Changelog ==
56
+
57
+ = 1.0.0 =
58
+ * Initial release
59
+
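Review bot: installation step 1 (readme line 30) tells users to upload the `disable-xml-rpc` directory, but every file in this release lives under `disable-xml-rpc-api/`, and the main file hard-codes that path in `$plugin`; the step should name `disable-xml-rpc-api`. The first FAQ check (line 45) promises "Access forbidden!" or a 403, which depends on the .htaccess block having been written and honoured, so the troubleshooting answer on line 51 should mention a non-writable .htaccess or a server that ignores it, not only the `xmlrpc_enabled` filter. Smaller points: `.httacess` on line 21 should read `.htaccess`, the list on lines 45-47 is announced as three methods but item 2 opens with "First,", and the header block lacks the `Contributors:` and `Stable tag:` fields that the WordPress.org readme format expects.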