{"id":117149,"date":"2020-02-10T06:44:44","date_gmt":"2020-02-10T06:44:44","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/remove-xml-rpc-methods\/"},"modified":"2026-03-26T18:16:47","modified_gmt":"2026-03-26T18:16:47","slug":"wee-remove-xmlrpc-methods","status":"publish","type":"plugin","link":"https:\/\/kk.wordpress.org\/plugins\/wee-remove-xmlrpc-methods\/","author":8653336,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"1.4.2","stable_tag":"1.4.2","tested":"7.0","requires":"4.6","requires_php":"5.4.0","requires_plugins":null,"header_name":"Remove XML-RPC Methods","header_author":"Walter Ebert","header_description":"Remove all methods from the WordPress XML-RPC API.","assets_banners_color":"1f1d1c","last_updated":"2026-03-26 18:16:47","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"https:\/\/gitlab.com\/walterebert\/wee-remove-xmlrpc-methods","header_author_uri":"https:\/\/walterebert.com","rating":5,"author_block_rating":0,"active_installs":1000,"downloads":13067,"num_ratings":2,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","changelog"],"tags":{"1.0.0":{"tag":"1.0.0","author":"walterebert","date":"2020-02-10 06:44:26"},"1.1.0":{"tag":"1.1.0","author":"walterebert","date":"2020-02-10 06:51:00"},"1.2.0":{"tag":"1.2.0","author":"walterebert","date":"2020-03-07 06:35:41"},"1.3.0":{"tag":"1.3.0","author":"walterebert","date":"2020-08-03 10:58:28"},"1.3.1":{"tag":"1.3.1","author":"walterebert","date":"2020-08-03 11:16:33"},"1.3.2":{"tag":"1.3.2","author":"walterebert","date":"2020-08-03 11:30:49"},"1.4.0":{"tag":"1.4.0","author":"walterebert","date":"2024-07-01 22:13:58"},"1.4.1":{"tag":"1.4.1","author":"walterebert","date":"2025-12-02 20:41:57"},"1.4.2":{"tag":"1.4.2","author":"walterebert","date":"2026-03-26 18:16:47"}},"upgrade_notice":[],"ratings":{"1":0,"2":0,"3":0,"4":0,"5":2},"assets_icons":{"icon-128x128.jpg":{"filename":"icon-128x128.jpg","revision":2241564,"resolution":"128x128","location":"assets","locale":""},"icon-256x256.jpg":{"filename":"icon-256x256.jpg","revision":2241564,"resolution":"256x256","location":"assets","locale":""}},"assets_banners":{"banner-772x250.jpg":{"filename":"banner-772x250.jpg","revision":2241564,"resolution":"772x250","location":"assets","locale":""}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.0","1.1.0","1.2.0","1.3.0","1.3.1","1.3.2","1.4.0","1.4.1","1.4.2"],"block_files":[],"assets_screenshots":[],"screenshots":[],"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[600,6558,14731],"plugin_category":[54],"plugin_contributors":[127340],"plugin_business_model":[],"class_list":["post-117149","plugin","type-plugin","status-publish","hentry","plugin_tags-security","plugin_tags-xml-rpc","plugin_tags-xmlrpc","plugin_category-security-and-spam-protection","plugin_contributors-walterebert","plugin_committers-walterebert"],"banners":{"banner":"https:\/\/ps.w.org\/wee-remove-xmlrpc-methods\/assets\/banner-772x250.jpg?rev=2241564","banner_2x":false,"banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/wee-remove-xmlrpc-methods\/assets\/icon-128x128.jpg?rev=2241564","icon_2x":"https:\/\/ps.w.org\/wee-remove-xmlrpc-methods\/assets\/icon-256x256.jpg?rev=2241564","generated":false},"screenshots":[],"raw_content":"<!--section=description-->\n<p>Removes all WordPress methods from the XML-RPC API to increase security. It does more than just using the <code>xmlrpc_enabled<\/code> hook, because that is only used \u201cTo disable XML-RPC methods that require authentication\u201d.<\/p>\n\n<p>Activating this plugin will also disable pingbacks, trackbacks, and Really Simple Discovery (RSD), because these rely on XML-RPC.<\/p>\n\n<p>It works with any webserver, because it does not use the .htaccess file.<\/p>\n\n<h4>Testing the plugin<\/h4>\n\n<p>From the command line you can test if the plugin is working correctly using <a href=\"https:\/\/curl.haxx.se\/\">curl<\/a>. Replace the <code>example.com<\/code> link to match your website:<\/p>\n\n<pre><code>curl -d '&lt;?xml version=\"1.0\"?&gt;&lt;methodCall&gt;&lt;methodName&gt;system.listMethods&lt;\/methodName&gt;&lt;params&gt;&lt;param&gt;&lt;value&gt;&lt;string\/&gt;&lt;\/value&gt;&lt;\/param&gt;&lt;\/params&gt;&lt;\/methodCall&gt;' https:\/\/example.com\/xmlrpc.php\n<\/code><\/pre>\n\n<p>This should only return the following methods:\n- <code>system.multicall<\/code>\n- <code>system.listMethods<\/code>\n- <code>system.getCapabilities<\/code><\/p>\n\n<!--section=installation-->\n<ol>\n<li>Download the plugin and unzip it. Copy the files to the <code>\/wp-content\/plugins\/wee-remove-xmlrpc-methods<\/code> directory<\/li>\n<li>Activate the plugin through the 'Plugins' menu in WordPress<\/li>\n<\/ol>\n\n<!--section=changelog-->\n<h4>1.4.2<\/h4>\n\n<ul>\n<li>Updated description<\/li>\n<li>Tested WordPress up to version 7.0.<\/li>\n<\/ul>\n\n<h4>1.4.1<\/h4>\n\n<ul>\n<li>Updated description and tags<\/li>\n<\/ul>\n\n<h4>1.4.0<\/h4>\n\n<ul>\n<li>Tested with PHP 8.0<\/li>\n<li>Tested WordPress up to version 5.6.<\/li>\n<\/ul>\n\n<h4>1.3.1<\/h4>\n\n<ul>\n<li>Correct description<\/li>\n<\/ul>\n\n<h4>1.3.0<\/h4>\n\n<ul>\n<li>Replace PHP <code>header<\/code> function with <code>http_response_code<\/code>.<\/li>\n<li>Update readme.txt.<\/li>\n<li>Raise minimal supported WordPress version to 4.6.<\/li>\n<li>Tested WordPress up to version 5.5.<\/li>\n<\/ul>\n\n<h4>1.2.0<\/h4>\n\n<ul>\n<li>Replace pings_open action function with built-in function.<\/li>\n<li>Increase pings_open action priority.<\/li>\n<li>Raise minimal supported WordPress version to 4.4.<\/li>\n<li>Tested WordPress up to version 5.4.<\/li>\n<\/ul>\n\n<h4>1.1.0<\/h4>\n\n<ul>\n<li>Deactivate pingbacks on install.<\/li>\n<li>Remove RSD link reference.<\/li>\n<\/ul>","raw_excerpt":"Remove all WordPress methods from the XML-RPC API to increase security.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/kk.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/117149","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kk.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/kk.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/kk.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=117149"}],"author":[{"embeddable":true,"href":"https:\/\/kk.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/walterebert"}],"wp:attachment":[{"href":"https:\/\/kk.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=117149"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/kk.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=117149"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/kk.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=117149"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/kk.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=117149"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/kk.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=117149"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/kk.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=117149"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}