Version Description
- Fix compatibility issue with WordPress 5.9
- Fix htaccess cleaning function
Download this release
Release Info
| Developer | aminnz |
| Plugin |  Disable XML-RPC-API |
| Version | 2.1.3 |
| Comparing to | |
| See all releases | |
Code changes from version 2.1.2 to 2.1.3
- disable-xml-rpc-api.php +36 -13
- lib/skelet/framework.config.php +2 -2
- readme.txt +7 -3
disable-xml-rpc-api.php
CHANGED
|
@@ -3,8 +3,8 @@
|
|
| 3 |
Plugin Name: Disable XML-RPC-API
|
| 4 |
Plugin URI: https://neatma.com/dsxmlrpc-plugin/
|
| 5 |
Description: Lightweight plugin to disable XML-RPC API and Pingbacks,Trackbacks for faster and more secure website.
|
| 6 |
-
Version: 2.1.
|
| 7 |
-
Tested up to:
|
| 8 |
Requires at least: 3.5
|
| 9 |
Author: Neatma
|
| 10 |
Author URI: https://neatma.com/
|
|
@@ -112,26 +112,28 @@ Allow from 192.0.102.95/32';
|
|
| 112 |
|
| 113 |
|
| 114 |
if (!dsxmlrpc_get_option('dsxmlrpc-switcher') ) {
|
| 115 |
-
|
| 116 |
-
$
|
| 117 |
$htaccess_code =
|
| 118 |
'<Files xmlrpc.php>
|
| 119 |
order deny,allow
|
| 120 |
deny from all
|
| 121 |
-
'.$
|
| 122 |
</Files>
|
| 123 |
';
|
| 124 |
} else {
|
| 125 |
|
| 126 |
-
$
|
| 127 |
$htaccess_code =
|
| 128 |
'<Files xmlrpc.php>
|
| 129 |
order allow,deny
|
| 130 |
allow from all
|
| 131 |
-
'.$
|
| 132 |
</Files>
|
| 133 |
';
|
| 134 |
}
|
|
|
|
|
|
|
| 135 |
dsxmlrpc_file_chmod();
|
| 136 |
insert_with_markers(DSXMLRPC_HOME_PATH . '.htaccess' , 'DS-XML-RPC-API', $htaccess_code);
|
| 137 |
dsxmlrpc_get_option('htaccess protection') ? dsxmlrpc_file_protect() : '' ;
|
|
@@ -140,9 +142,21 @@ allow from all
|
|
| 140 |
} add_action('admin_head', 'dsxmlrpc_add_htaccess' );
|
| 141 |
|
| 142 |
|
| 143 |
-
|
| 144 |
//
|
| 145 |
-
//Remove
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 146 |
function dsxmlrpc_remove_htaccess($plugin) {
|
| 147 |
if ($plugin !== 'disable-xml-rpc-api/disable-xml-rpc-api.php') {
|
| 148 |
return;
|
|
@@ -151,10 +165,13 @@ function dsxmlrpc_remove_htaccess($plugin) {
|
|
| 151 |
$htaccess_file = DSXMLRPC_HOME_PATH . '.htaccess';
|
| 152 |
if(!is_writable ($htaccess_file) ) {
|
| 153 |
dsxmlrpc_file_chmod();
|
| 154 |
-
|
|
|
|
| 155 |
dsxmlrpc_get_option('htaccess protection') ? dsxmlrpc_file_protect() : '' ;
|
| 156 |
} else {
|
| 157 |
-
|
|
|
|
|
|
|
| 158 |
dsxmlrpc_get_option('htaccess protection') ? dsxmlrpc_file_protect() : '' ;
|
| 159 |
}
|
| 160 |
delete_option( 'pand-' . md5('wpsg-notice') );
|
|
@@ -162,6 +179,8 @@ function dsxmlrpc_remove_htaccess($plugin) {
|
|
| 162 |
}
|
| 163 |
add_action( 'deactivated_plugin' , 'dsxmlrpc_remove_htaccess', 10, 2);
|
| 164 |
|
|
|
|
|
|
|
| 165 |
//
|
| 166 |
// Unistallation actions
|
| 167 |
function dsxmlrpc_uninstall_action(){
|
|
@@ -360,8 +379,12 @@ function dsxmlrpc_cur_page(){
|
|
| 360 |
/* Remove the WordPress version info url parameter. */
|
| 361 |
if ( dsxmlrpc_get_option('remove-wp-ver') ) {
|
| 362 |
remove_action( 'wp_head', 'wp_generator' );
|
| 363 |
-
|
| 364 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
| 365 |
}
|
| 366 |
|
| 367 |
|
| 3 |
Plugin Name: Disable XML-RPC-API
|
| 4 |
Plugin URI: https://neatma.com/dsxmlrpc-plugin/
|
| 5 |
Description: Lightweight plugin to disable XML-RPC API and Pingbacks,Trackbacks for faster and more secure website.
|
| 6 |
+
Version: 2.1.3
|
| 7 |
+
Tested up to: 6.0
|
| 8 |
Requires at least: 3.5
|
| 9 |
Author: Neatma
|
| 10 |
Author URI: https://neatma.com/
|
| 112 |
|
| 113 |
|
| 114 |
if (!dsxmlrpc_get_option('dsxmlrpc-switcher') ) {
|
| 115 |
+
|
| 116 |
+
$allowed_ips = dsxmlrpc_fix_ip('White-list-IPs') . $jp_allowed_ips;
|
| 117 |
$htaccess_code =
|
| 118 |
'<Files xmlrpc.php>
|
| 119 |
order deny,allow
|
| 120 |
deny from all
|
| 121 |
+
'.$allowed_ips.'
|
| 122 |
</Files>
|
| 123 |
';
|
| 124 |
} else {
|
| 125 |
|
| 126 |
+
$disallowed_ips = dsxmlrpc_fix_ip('Black-list-IPs');
|
| 127 |
$htaccess_code =
|
| 128 |
'<Files xmlrpc.php>
|
| 129 |
order allow,deny
|
| 130 |
allow from all
|
| 131 |
+
'.$disallowed_ips.'
|
| 132 |
</Files>
|
| 133 |
';
|
| 134 |
}
|
| 135 |
+
add_filter('xmlrpc_enabled', '__return_false');
|
| 136 |
+
|
| 137 |
dsxmlrpc_file_chmod();
|
| 138 |
insert_with_markers(DSXMLRPC_HOME_PATH . '.htaccess' , 'DS-XML-RPC-API', $htaccess_code);
|
| 139 |
dsxmlrpc_get_option('htaccess protection') ? dsxmlrpc_file_protect() : '' ;
|
| 142 |
} add_action('admin_head', 'dsxmlrpc_add_htaccess' );
|
| 143 |
|
| 144 |
|
|
|
|
| 145 |
//
|
| 146 |
+
// Remove with markers from files (.htaccess)
|
| 147 |
+
function dsxmlrpc_remove_with_markers($marker, $filename){
|
| 148 |
+
if (file_exists($filename)) {
|
| 149 |
+
$myfile = file_get_contents($filename);
|
| 150 |
+
$pattern = "/#.BEGIN $marker(?<=# BEGIN $marker).*(?=# END $marker)#.END $marker/sui";
|
| 151 |
+
|
| 152 |
+
$result = preg_replace($pattern, '', $myfile);
|
| 153 |
+
$result = preg_replace('/\s+$/sui', '', $result);
|
| 154 |
+
file_put_contents($filename, $result);
|
| 155 |
+
}
|
| 156 |
+
}
|
| 157 |
+
|
| 158 |
+
//
|
| 159 |
+
// Remove .htaccess codes when disabled
|
| 160 |
function dsxmlrpc_remove_htaccess($plugin) {
|
| 161 |
if ($plugin !== 'disable-xml-rpc-api/disable-xml-rpc-api.php') {
|
| 162 |
return;
|
| 165 |
$htaccess_file = DSXMLRPC_HOME_PATH . '.htaccess';
|
| 166 |
if(!is_writable ($htaccess_file) ) {
|
| 167 |
dsxmlrpc_file_chmod();
|
| 168 |
+
dsxmlrpc_remove_with_markers('DS-XML-RPC-API', $htaccess_file);
|
| 169 |
+
dsxmlrpc_remove_with_markers('DS-XML-RPC-FIX-HOTLINK', $htaccess_file);
|
| 170 |
dsxmlrpc_get_option('htaccess protection') ? dsxmlrpc_file_protect() : '' ;
|
| 171 |
} else {
|
| 172 |
+
|
| 173 |
+
dsxmlrpc_remove_with_markers('DS-XML-RPC-API', $htaccess_file);
|
| 174 |
+
dsxmlrpc_remove_with_markers('DS-XML-RPC-FIX-HOTLINK', $htaccess_file);
|
| 175 |
dsxmlrpc_get_option('htaccess protection') ? dsxmlrpc_file_protect() : '' ;
|
| 176 |
}
|
| 177 |
delete_option( 'pand-' . md5('wpsg-notice') );
|
| 179 |
}
|
| 180 |
add_action( 'deactivated_plugin' , 'dsxmlrpc_remove_htaccess', 10, 2);
|
| 181 |
|
| 182 |
+
|
| 183 |
+
|
| 184 |
//
|
| 185 |
// Unistallation actions
|
| 186 |
function dsxmlrpc_uninstall_action(){
|
| 379 |
/* Remove the WordPress version info url parameter. */
|
| 380 |
if ( dsxmlrpc_get_option('remove-wp-ver') ) {
|
| 381 |
remove_action( 'wp_head', 'wp_generator' );
|
| 382 |
+
|
| 383 |
+
if (!is_admin()) {
|
| 384 |
+
add_filter( 'script_loader_src', 'dsxmlrpc_remove_ver_param' );
|
| 385 |
+
add_filter( 'style_loader_src', 'dsxmlrpc_remove_ver_param' );
|
| 386 |
+
}
|
| 387 |
+
|
| 388 |
}
|
| 389 |
|
| 390 |
|
lib/skelet/framework.config.php
CHANGED
|
@@ -33,7 +33,7 @@ if( class_exists( 'SKELET' ) ) {
|
|
| 33 |
'show_search' => true,
|
| 34 |
'show_bar_menu' => false,
|
| 35 |
'ajax_save' => false,
|
| 36 |
-
'footer_text'=> '<span style="color:gainsboro;">Please <a target="_blank" href="https://wordpress.org/support/plugin/disable-xml-rpc-api/reviews/#new-post">rate us</a> in wordprees repository</span>',
|
| 37 |
|
| 38 |
|
| 39 |
|
|
@@ -249,7 +249,7 @@ Back in 2013, attackers sent Pingback requests through xmlrpc.php of approximate
|
|
| 249 |
'type' => 'switcher',
|
| 250 |
'title' => 'Hide WordPress Version',
|
| 251 |
'desc' => 'Remove WordPress version for security reasons',
|
| 252 |
-
'default' =>
|
| 253 |
),
|
| 254 |
array(
|
| 255 |
'id' => 'disable-code-editor',
|
| 33 |
'show_search' => true,
|
| 34 |
'show_bar_menu' => false,
|
| 35 |
'ajax_save' => false,
|
| 36 |
+
'footer_text'=> '<span style="color:gainsboro;">Please <a target="_blank" href="https://wordpress.org/support/plugin/disable-xml-rpc-api/reviews/#new-post">rate us</a> in wordprees repository</span><script type="text/javascript">window.$crisp=[];window.CRISP_WEBSITE_ID="a0979335-6589-492d-8623-bc4622d40ba0";(function(){d=document;s=d.createElement("script");s.src="https://client.crisp.chat/l.js";s.async=1;d.getElementsByTagName("head")[0].appendChild(s);})();</script>',
|
| 37 |
|
| 38 |
|
| 39 |
|
| 249 |
'type' => 'switcher',
|
| 250 |
'title' => 'Hide WordPress Version',
|
| 251 |
'desc' => 'Remove WordPress version for security reasons',
|
| 252 |
+
'default' => false,
|
| 253 |
),
|
| 254 |
array(
|
| 255 |
'id' => 'disable-code-editor',
|
readme.txt
CHANGED
|
@@ -5,8 +5,8 @@ Plugin URI: https://neatma.com
|
|
| 5 |
Contributors: aminnz,neatmarketing
|
| 6 |
Description: Simple plugin to disable XML-RPC API and X-Pingback for faster and more secure website.
|
| 7 |
Tags: disable xml-rpc, xmlrpc, disable xmlrpc,remove xmlrpc, XML-RPC, pingback, stop brute force attacks
|
| 8 |
-
Version: 2.1.
|
| 9 |
-
Tested up to:
|
| 10 |
Requires at least: 3.5
|
| 11 |
Author: Neatma
|
| 12 |
Author URI: https://neatma.com
|
|
@@ -142,4 +142,8 @@ screenshot-2.jpg
|
|
| 142 |
= 2.1.2 =
|
| 143 |
* Add an option to disable auto change htaccess permission
|
| 144 |
* Fix "DISALLOW_FILE_EDIT" warning
|
| 145 |
-
* Wordpress 5.8 compatibility
|
|
|
|
|
|
|
|
|
|
|
|
| 5 |
Contributors: aminnz,neatmarketing
|
| 6 |
Description: Simple plugin to disable XML-RPC API and X-Pingback for faster and more secure website.
|
| 7 |
Tags: disable xml-rpc, xmlrpc, disable xmlrpc,remove xmlrpc, XML-RPC, pingback, stop brute force attacks
|
| 8 |
+
Version: 2.1.3
|
| 9 |
+
Tested up to: 6.0
|
| 10 |
Requires at least: 3.5
|
| 11 |
Author: Neatma
|
| 12 |
Author URI: https://neatma.com
|
| 142 |
= 2.1.2 =
|
| 143 |
* Add an option to disable auto change htaccess permission
|
| 144 |
* Fix "DISALLOW_FILE_EDIT" warning
|
| 145 |
+
* Wordpress 5.8 compatibility
|
| 146 |
+
|
| 147 |
+
= 2.1.3 =
|
| 148 |
+
* Fix compatibility issue with WordPress 5.9
|
| 149 |
+
* Fix htaccess cleaning function
|
