Disable XML-RPC Pingback

Version Description

Files changed (2) hide show

disable-xml-rpc-pingback.php CHANGED Viewed

	@@ -3,7 +3,7 @@
3	Plugin Name: Disable XML-RPC Pingback
4	Description: Stops abuse of your site's Pingback method from XML-RPC by simply removing it. While you can use the rest of XML-RPC methods.
5	Author: Samuel Aguilera
6	- Version: 1.1
7	Author URI: http://www.samuelaguilera.com
8	License: GPL2
9	*/
	@@ -22,6 +22,8 @@ You should have received a copy of the GNU General Public License
22	along with this program. If not, see <http://www.gnu.org/licenses/>.
23	*/
24


25	add_filter( 'xmlrpc_methods', 'sar_block_xmlrpc_attacks' );
26
27	function sar_block_xmlrpc_attacks( $methods ) {
	@@ -30,11 +32,24 @@ function sar_block_xmlrpc_attacks( $methods ) {
30	return $methods;
31	}
32
33	- add_filter( 'wp_headers', 'sar_remove_x_pingback_header' );
34
35	- ~~function~~ ~~sar_remove_x_pingback_header~~( $~~headers~~ ) {
36	- ~~unset( $headers['X-Pingback'] );~~
37	- ~~return~~ ~~$headers;~~
38	- }














39
40	- ?>


3	Plugin Name: Disable XML-RPC Pingback
4	Description: Stops abuse of your site's Pingback method from XML-RPC by simply removing it. While you can use the rest of XML-RPC methods.
5	Author: Samuel Aguilera
6	+ Version: 1.2
7	Author URI: http://www.samuelaguilera.com
8	License: GPL2
9	*/

22	along with this program. If not, see <http://www.gnu.org/licenses/>.
23	*/
24
25	+ global $wp_version;
26	+
27	add_filter( 'xmlrpc_methods', 'sar_block_xmlrpc_attacks' );
28
29	function sar_block_xmlrpc_attacks( $methods ) {

32	return $methods;
33	}
34

35
36	+ if ( version_compare( $wp_version, '4.4' ) >= 0 ) {
37	+
38	+ // Remove X-Pingback from Header for WP 4.4+
39	+ add_action('wp', 'sar_remove_x_pingback_header_44', 9999);
40	+
41	+ function sar_remove_x_pingback_header_44() {
42	+ header_remove('X-Pingback');
43	+ }
44	+
45	+ } else {
46	+
47	+ // Remove X-Pingback from Header for older WP versions
48	+ add_filter( 'wp_headers', 'sar_remove_x_pingback_header' );
49	+
50	+ function sar_remove_x_pingback_header( $headers ) {
51	+ unset( $headers['X-Pingback'] );
52	+ return $headers;
53	+ }
54
55	+ }

readme.txt CHANGED Viewed

	@@ -1,9 +1,10 @@
1	=== Disable XML-RPC Pingback ===
2	Contributors: samuelaguilera
3	Tags: xml-rpc, xml, rpc, pingback, ddos, firewall
4	- Requires at least: 3.8.1
5	- Tested up to: 4.8.3
6	- ~~Stable~~ ~~tag~~: 1.1

7	License: GPLv2
8	License URI: http://www.gnu.org/licenses/gpl-2.0.html
9
	@@ -21,8 +22,7 @@ Removes the following methods from XML-RPC interface.
21
22	* pingback.ping
23	* pingback.extensions.getPingbacks
24	-
25	- Also removes X-Pingback from HTTP headers. This will hopefully stops some bots from trying to hit your xmlrpc.php file.
26
27	= Requirements =
28
	@@ -35,6 +35,10 @@ Also removes X-Pingback from HTTP headers. This will hopefully stops some bots f
35
36	== Changelog ==
37




38	= 1.1 =
39
40	* Added code to remove X-Pingback from HTTP headers as suggested by user https://wordpress.org/support/topic/remove-x-pingback-http-header


1	=== Disable XML-RPC Pingback ===
2	Contributors: samuelaguilera
3	Tags: xml-rpc, xml, rpc, pingback, ddos, firewall
4	+ Requires at least: 4.8
5	+ Tested up to: 5.1.1
6	+ Requires PHP: 5.6
7	+ Stable tag: 1.2
8	License: GPLv2
9	License URI: http://www.gnu.org/licenses/gpl-2.0.html
10

22
23	* pingback.ping
24	* pingback.extensions.getPingbacks
25	+ * X-Pingback from HTTP headers. This will hopefully stops some bots from trying to hit your xmlrpc.php file.

26
27	= Requirements =
28

35
36	== Changelog ==
37
38	+ = 1.2 =
39	+
40	+ * Added support for X-Pingback header removal in recent versions of WP.
41	+
42	= 1.1 =
43
44	* Added code to remove X-Pingback from HTTP headers as suggested by user https://wordpress.org/support/topic/remove-x-pingback-http-header