Disable XML-RPC-API - Version 1.0.5

Version Description

  • Fix pingback link tag in header
  • Add ability to fix htaccess

Release Info

Developer aminnz
Version 1.0.5

Code changes from version 1.0.1 to 1.0.5

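--- /dev/null
+++ b/admin/admin.php
@@ -0,0 +1,29 @@
+ <?php
+
+
+ function sample_admin_notice__success() {
+ if ( ! PAnD::is_admin_notice_active( 'dsxmlrpc-notice-15' ) ) {
+ return;
+ }
+
+ ?>
+ <div data-dismissible="dsxmlrpc-notice-15" class="updated notice notice-success is-dismissible">
+ <h2>Your website is protected from XML-RPC DDOS attacks!</h2>
+ <div class="dsxmlrpc-notice-innner">
+ <p>You can help us make this plugin better by reviewing and giving it 5 stars</p>
+ <a href="https://wordpress.org/support/plugin/disable-xml-rpc-api/reviews/#new-post" target="_blank" class="wporg-ratings" aria-label="4 out of 5 stars" data-title-template="%s out of 5 stars" data-rating="4" style="margin: 8px;text-decoration:none;color:#ffb900;"><span class="dashicons dashicons-star-filled"></span><span class="dashicons dashicons-star-filled"></span><span class="dashicons dashicons-star-filled"></span><span class="dashicons dashicons-star-filled"></span><span class="dashicons dashicons-star-filled"></span></a>
+ </div>
+ </div>
+ <style>
+ a.wporg-ratings span:hover {
+ color: #FF9800 !important;
+ }
+ @media screen and (min-width: 782px) {
+ .dsxmlrpc-notice-innner {
+ display: flex;
+ }}
+ </style>
+ <?php
+ }
+
+ add_action( 'admin_notices', 'sample_admin_notice__success' );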
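Review bot: `sample_admin_notice__success` looks like the placeholder name from the WordPress admin-notice example and is declared in the global namespace, so a second plugin that copied the same sample would cause a fatal redeclaration; the other functions in this release carry the `dsxmlrpc_` prefix, and `function dsxmlrpc_admin_notice()` with `add_action( 'admin_notices', 'dsxmlrpc_admin_notice' );` would follow that convention. The heading tells the administrator the site is protected without checking that the `.htaccess` rule was actually written, which the main plugin file does not guarantee (its write can fail and fall back to a chmod), so the message can give false assurance on hosts where the write fails or `.htaccess` is not honoured. The review link uses `target="_blank"` with no `rel` attribute; adding `rel="noopener noreferrer"` is the usual hardening.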
{disable-xml-rpc-api → admin}/dsxmlrpc-htaccess RENAMED
File without changes
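--- /dev/null
+++ b/disable-xml-rpc-api.php
@@ -0,0 +1,72 @@
+ <?php
+ /*
+ Plugin Name: Disable XML-RPC-API
+ Plugin URI: https://neatma.com/
+ Description: Simple plugin to disable XML-RPC API and X-Pingback in WordPress 3.5+ for faster and more secure website.
+ Version: 1.0.5
+ Tested up to: 5.6
+ Requires at least: 3.5
+ Author: Amin Nazemi
+ Author URI: https://neatma.com/
+ License: GPLv2
+ */
+
+ define('dsxmlrpc_plugin_url', plugin_dir_path(__FILE__));
+ require_once(dsxmlrpc_plugin_url . '/lib/admin-notices/persist-admin-notices-dismissal.php');
+ require_once(dsxmlrpc_plugin_url . 'admin/admin.php');
+
+ add_action( 'admin_init', array( 'PAnD', 'init' ) );
+
+
+ add_filter('xmlrpc_enabled', '__return_false');
+
+ //
+ // Disable X-Pingback to header
+
+ add_filter( 'wp_headers', 'dsxmlrpc_x_pingback' );
+ add_filter('pings_open', '__return_false', PHP_INT_MAX);
+ add_action('wp_head','dsxmlrpc_wp_head_buffer');
+
+ function dsxmlrpc_x_pingback( $headers ) {
+ unset( $headers['X-Pingback'] );
+ return $headers;
+ }
+ function dsxmlrpc_wp_head_buffer() {
+ $in = ob_get_clean();
+ $in = preg_replace('#<link rel="pingback"(.*?)>#', '', $in);
+
+ echo $in;
+ }
+
+
+ //
+ // Fix htaccess permissions
+
+ function dsxmlrpc_file_chmod() {
+ $home_path = dsxmlrpc_home_path;
+ $htaccess_file = $home_path . '.htaccess';
+ chmod($htaccess_file, 0755);
+ }
+
+ //
+ // Disable access to xmlrpc.php entirely with .htaccess file
+
+ function dsxmlrpc_add_htaccess() {
+
+ $home_path = function_exists('get_home_path') ? get_home_path() : ABSPATH;
+ $filename = dsxmlrpc_plugin_url . '/admin/dsxmlrpc-htaccess';
+ $htaccess_file = $home_path . '.htaccess';
+ insert_with_markers($htaccess_file, 'DS-XML-RPC-API', extract_from_markers($filename, 'DS-XML-RPC-API')) ? : dsxmlrpc_file_chmod();
+ }
+ add_action('admin_init', 'dsxmlrpc_add_htaccess', 1, 2 );
+
+
+
+ function dsxmlrpc_remove_htaccess() {
+ $home_path = function_exists('get_home_path') ? get_home_path() : ABSPATH;
+ $filename = dsxmlrpc_plugin_url . '/admin/dsxmlrpc-htaccess';
+ $htaccess_file = $home_path . '.htaccess';
+ insert_with_markers($htaccess_file, 'DS-XML-RPC-API', '') ? : dsxmlrpc_file_chmod();
+
+ }
+ add_action( 'deactivated_plugin', 'dsxmlrpc_remove_htaccess', 2, 2 );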
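Review bot: `dsxmlrpc_file_chmod()` reads `dsxmlrpc_home_path`, a constant that no file shown in this comparison defines, so the fallback either throws on PHP 8 or, on older versions, resolves to a relative `dsxmlrpc_home_path.htaccess` path instead of the site's `.htaccess`. The mode it applies, 0755, adds execute bits a configuration file does not need; computing the path the way `dsxmlrpc_add_htaccess()` does and calling `chmod( $htaccess_file, 0644 );` would be the narrower fix, and the write is never retried after the chmod. `dsxmlrpc_add_htaccess` is hooked to `admin_init`, which also runs for `admin-ajax.php` requests, so the `.htaccess` write and the chmod fallback are attempted on every such request rather than once by an administrator; an activation hook or a `current_user_can( 'manage_options' )` guard would confine it. In `dsxmlrpc_wp_head_buffer()`, `ob_get_clean()` has no matching `ob_start()` in this file, so it appears to close whatever output buffer another component opened.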
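--- a/disable-xml-rpc-api/disable-xml-rpc-api.php
+++ /dev/null
@@ -1,57 +0,0 @@
- <?php
- /*
- Plugin Name: Disable XML-RPC-API
- Plugin URI: https://kafeweb.com/
- Description: Simple plugin to disable XML-RPC API and X-Pingback in WordPress 3.5+ for faster and more secure website.
- Version: 1.0.1
- Tested up to: 5.6
- Requires at least: 3.5
- Author: Amin Nazemi
- Author URI: https://kafeweb.com/
- License: GPLv2
- */
-
- require_once(ABSPATH . 'wp-admin/includes/misc.php');
- require_once(ABSPATH . 'wp-admin/includes/file.php');
-
-
-
-
- $plugin = 'disable-xml-rpc-api/disable-xml-rpc-api.php';
-
- add_filter('xmlrpc_enabled', '__return_false');
-
- // Disable X-Pingback to header
-
- add_filter( 'wp_headers', 'dsxmlrpc_x_pingback' );
- add_filter('pings_open', '__return_false', PHP_INT_MAX);
-
- function dsxmlrpc_x_pingback( $headers ) {
- unset( $headers['X-Pingback'] );
- return $headers;
- }
-
-
-
-
- // Disable access to xmlrpc.php entirely with .htaccess file
-
- function dsxmlrpc_add_htaccess() {
-
- $home_path = function_exists('get_home_path') ? get_home_path() : ABSPATH;
- $filename = dirname(__FILE__) . '/dsxmlrpc-htaccess';
- $htaccess_file = $home_path . '.htaccess';
-
- insert_with_markers($htaccess_file, 'DS-XML-RPC-API', extract_from_markers($filename, 'DS-XML-RPC-API'));
- }
- add_action('admin_init', 'dsxmlrpc_add_htaccess', 1, 2 );
-
-
-
- function dsxmlrpc_remove_htaccess() {
- $home_path = function_exists('get_home_path') ? get_home_path() : ABSPATH;
- $filename = dirname(__FILE__) . '/dsxmlrpc-htaccess';
- $htaccess_file = $home_path . '.htaccess';
- insert_with_markers($htaccess_file, 'DS-XML-RPC-API', '');
- }
- add_action( 'deactivated_plugin', 'dsxmlrpc_remove_htaccess', 2, 2 );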
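--- /dev/null
+++ b/lib/admin-notices/dismiss-notice.js
@@ -0,0 +1,33 @@
+ (function ($) {
+ //shorthand for ready event.
+ $(
+ function () {
+ $( 'div[data-dismissible] button.notice-dismiss' ).click(
+ function (event) {
+ event.preventDefault();
+ var $this = $( this );
+
+ var attr_value, option_name, dismissible_length, data;
+
+ attr_value = $this.parent().attr( 'data-dismissible' ).split( '-' );
+
+ // remove the dismissible length from the attribute value and rejoin the array.
+ dismissible_length = attr_value.pop();
+
+ option_name = attr_value.join( '-' );
+
+ data = {
+ 'action': 'dismiss_admin_notice',
+ 'option_name': option_name,
+ 'dismissible_length': dismissible_length,
+ 'nonce': dismissible_notice.nonce
+ };
+
+ // We can also pass the url value separately from ajaxurl for front end AJAX implementations
+ $.post( ajaxurl, data );
+ }
+ );
+ }
+ )
+
+ }(jQuery));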
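--- /dev/null
+++ b/lib/admin-notices/persist-admin-notices-dismissal.php
@@ -0,0 +1,189 @@
+ <?php
+
+ /**
+ * Persist Admin notices Dismissal
+ *
+ * Copyright (C) 2016 Collins Agbonghama <http://w3guy.com>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * @package Persist Admin notices Dismissal
+ * @author Collins Agbonghama
+ * @author Andy Fragen
+ * @license http://www.gnu.org/licenses GNU General Public License
+ */
+
+ /**
+ * Exit if called directly.
+ */
+ if ( ! defined( 'ABSPATH' ) ) {
+ die;
+ }
+
+ if ( ! class_exists( 'PAnD' ) ) {
+
+ /**
+ * Class PAnD
+ */
+ class PAnD {
+
+ /**
+ * Init hooks.
+ */
+ public static function init() {
+ add_action( 'admin_enqueue_scripts', array( __CLASS__, 'load_script' ) );
+ add_action( 'wp_ajax_dismiss_admin_notice', array( __CLASS__, 'dismiss_admin_notice' ) );
+
+ /**
+ * Filter to activate another filter providing a simpler use case.
+ *
+ * @since 1.4.3
+ *
+ * @param bool
+ */
+ if ( apply_filters( 'pand_theme_loader', false ) ) {
+ add_filter(
+ 'pand_dismiss_notice_js_url',
+ function( $js_url, $composer_path ) {
+ return get_stylesheet_directory_uri() . $composer_path;
+ },
+ 10,
+ 2
+ );
+ }
+ }
+
+ /**
+ * Enqueue javascript and variables.
+ */
+ public static function load_script() {
+
+ if ( is_customize_preview() ) {
+ return;
+ }
+
+ $js_url = plugins_url( 'dismiss-notice.js', __FILE__ );
+ $composer_path = '/vendor/collizo4sky/persist-admin-notices-dismissal/dismiss-notice.js';
+
+ /**
+ * Filter dismiss-notice.js URL.
+ *
+ * @since 1.4.3
+ *
+ * @param string $js_url URL to the Javascript file.
+ * @param string $composer_path Relative path of Javascript file from composer install.
+ */
+ $js_url = apply_filters( 'pand_dismiss_notice_js_url', $js_url, $composer_path );
+ wp_enqueue_script(
+ 'dismissible-notices',
+ $js_url,
+ array( 'jquery', 'common' ),
+ false,
+ true
+ );
+
+ wp_localize_script(
+ 'dismissible-notices',
+ 'dismissible_notice',
+ array(
+ 'nonce' => wp_create_nonce( 'dismissible-notice' ),
+ )
+ );
+ }
+
+ /**
+ * Handles Ajax request to persist notices dismissal.
+ * Uses check_ajax_referer to verify nonce.
+ */
+ public static function dismiss_admin_notice() {
+ $option_name = sanitize_text_field( $_POST['option_name'] );
+ $dismissible_length = sanitize_text_field( $_POST['dismissible_length'] );
+
+ if ( 'forever' != $dismissible_length ) {
+ // If $dismissible_length is not an integer default to 1
+ $dismissible_length = ( 0 == absint( $dismissible_length ) ) ? 1 : $dismissible_length;
+ $dismissible_length = strtotime( absint( $dismissible_length ) . ' days' );
+ }
+
+ check_ajax_referer( 'dismissible-notice', 'nonce' );
+ self::set_admin_notice_cache( $option_name, $dismissible_length );
+ wp_die();
+ }
+
+ /**
+ * Is admin notice active?
+ *
+ * @param string $arg data-dismissible content of notice.
+ *
+ * @return bool
+ */
+ public static function is_admin_notice_active( $arg ) {
+ $array = explode( '-', $arg );
+ $length = array_pop( $array );
+ $option_name = implode( '-', $array );
+ $db_record = self::get_admin_notice_cache( $option_name );
+
+ if ( 'forever' == $db_record ) {
+ return false;
+ } elseif ( absint( $db_record ) >= time() ) {
+ return false;
+ } else {
+ return true;
+ }
+ }
+
+ /**
+ * Returns admin notice cached timeout.
+ *
+ * @access public
+ *
+ * @param string|bool $id admin notice name or false.
+ *
+ * @return array|bool The timeout. False if expired.
+ */
+ public static function get_admin_notice_cache( $id = false ) {
+ if ( ! $id ) {
+ return false;
+ }
+ $cache_key = 'pand-' . md5( $id );
+ $timeout = get_site_option( $cache_key );
+ $timeout = 'forever' === $timeout ? time() + 60 : $timeout;
+
+ if ( empty( $timeout ) || time() > $timeout ) {
+ return false;
+ }
+
+ return $timeout;
+ }
+
+ /**
+ * Sets admin notice timeout in site option.
+ *
+ * @access public
+ *
+ * @param string $id Data Identifier.
+ * @param string|bool $timeout Timeout for admin notice.
+ *
+ * @return bool
+ */
+ public static function set_admin_notice_cache( $id, $timeout ) {
+ $cache_key = 'pand-' . md5( $id );
+ update_site_option( $cache_key, $timeout );
+
+ return true;
+ }
+
+ }
+
+ }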
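--- a/disable-xml-rpc-api/readme.txt
+++ b/readme.txt
@@ -1,14 +1,15 @@
  === Disable XML-RPC-API ===
 
  Plugin Name: Disable XML-RPC-API
- Plugin URI: https://kafeweb.com/
+ Plugin URI: https://neatma.com
+ Contributors: aminnz
  Description: Simple plugin to disable XML-RPC API and X-Pingback in WordPress 3.5+ for faster and more secure website.
  Tags: disable xml-rpc, disable xmlrpc,remove xmlrpc, XML-RPC, xmlrpc.php, XML-RPC API, stop brute force attacks
- Version: 1.0.1
+ Version: 1.0.6
  Tested up to: 5.6
  Requires at least: 3.5
  Author: Amin Nazemi
- Author URI: https://kafeweb.com/
+ Author URI: https://neatma.com
  License: GPLv2
 
  Simple plugin to disable XML-RPC API and X-Pingback in WordPress 3.5+ for faster and more secure website
@@ -59,3 +60,10 @@ screenshot-1.png
 
  = 1.0.1 =
  * Fix bugs
+
+ = 1.0.5 =
+ * Fix pingback link tag in header
+ * Add ability to fix htaccess
+
+ = 1.0.6 =
+ * Fix warnings for htaccess permission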