What does this plugin do?

This plugin disables the XML-RPC and trackbacks-pingbacks on your WordPress website.

What are the features of this plugin?

The features of this plugin include disabling access to xmlrpc.php file, changing htaccess file permission to read-only, disabling X-pingback, disabling selected methods from XML-RPC, removing pingback-ping link from header, disabling trackbacks and pingbacks, renaming XML-RPC slug, black listing IPs for XML-RPC, white listing IPs for XML-RPC, speeding up your WordPress website, disabling JSON REST API, hiding WordPress version, disabling built-in WordPress file editor, disabling wlw manifest, and other options.

How can I get more protection for my website?

You can use WP Security Guard to protect your website against hackers, spammers, and bad bots.

What are the main features of WP Security Guard?

The main features of WP Security Guard include anti brute-force attack, anti hack firewall, security monitoring, math captcha & Google reCaptcha, two factor authentication, file integrity monitoring, no captcha anti spam, and more.

XML-RPC, or XML Remote Procedure Call, is a protocol which uses XML to encode its calls and HTTP as a transport mechanism. It was enabled by default in WordPress 3.5 but can be disabled using this plugin.

Join Agency Program today.

2x Leads & 50% Cost Savings on Hosting. Join Agency Program today.

Disable XML-RPC-API

A simple and lightweight plugin to disable XML-RPC API, X-Pingback and pingback-ping in WordPress 3.5+ for a faster and more secure website

Rating:

4.2

Active Installations:

100000+

Last Updated:

Dec 13, 2024

WordPress Version:

5.0 or higher

Tested up to:

6.7.2

Features Download’s trend Changelog Reviews

Protect Your Website

Defend against xmlrpc attacks, disable XML-RPC and trackbacks-pingbacks on WordPress website.

Prevent Brute Force

Stop attackers from guessing passwords, block brute force attempts with xmlrpc protection.

Avoid DOS Attacks

Eliminate the risk of Denial of Service attacks via Pingback, protect your website from being compromised.

Increase Website Speed

Speed up your WordPress website with options to disable JSON REST API, hide WordPress version, and more.

Author’s Site

1.0.0

Initial release

1.0.1

Fix bugs

1.0.5

Remove pingback link tag in header
Add ability to fix htaccess file permission

1.0.6

Fix warnings for htaccess permission

1.0.7

Fix blank page when using W3 Total Cache and some other cache plugins

1.0.8

Fix code conflict with Autoptimize plugin

1.0.9

WordPress 5.7 compatible
Fix some issues

2.0.0

Fix code conflict with some other plugin
Fix hiding data in WooCommerce Product Tabs

2.1.0

*Major Update
*Add “XML-RPC Security”settings menu
*Add some new features
*Fix plugin deactivation bug

2.1.1

Add new feature fix hotlinks
Change notif timing

2.1.2

Add an option to disable auto change htaccess permission
Fix “DISALLOW_FILE_EDIT” warning
WordPress 5.8 compatibility

2.1.3

Fix compatibility issue with WordPress 5.9
Fix htaccess cleaning function

2.1.4

Fix some minor bugs
Refactor the entire codes
Add a fallback function for situations htaccess is not working

2.1.4.2

Hotfix for error on update

2.1.4.3

Hotfix for error on removing v metadata

2.1.4.4

Fix warning undefined variable $htaccess_code when disable hotlink fix is off
Fix warning Undefined array key “plugins” on PHP 8+

2.1.4.5

Fix removing vpingback header issue in the last major update
Update tested up to wp 6.1

2.1.4.7

Fix issues on vuninstallation hook
Minor improvements on admin review notification

2.1.4.8

Fix bug v wp reset API option

2.1.4.9

Update Jetpack default whitelist IPs
Fix bug with update actions function
Keep enabling WP RSS in default settings
Test with WordPress 6.3 and update tested up to

2.1.5

Hotfix for .htaccess error and disabling the admin notices

2.1.6

Clean Up the plugin codes (remove unnecessary codes)
Add VaultPress IPs to JetPack allowlist
Test compatibility with WordPress 6.6.1

2.1.7

Improve disable xmlrpc fallback method
Test compatibility with WordPress 6.7.1

Error

By elmo2000 on August 14, 2023

My whole site crashed . 500 server error. (.htacces failure) Unistalled, found another solution.

Hotlinking

By ajaxy12 on June 9, 2023

Could you please add capability to exclude spesific domain names from Disable Hotlinking and Leaching of Your Content section?

We want to show some of our content on other webiste via iframe

DO NOT INSTALL THIS! PHP BACKDOOR

By ben2358723823567 on May 29, 2023

WARNING! This extension will sneakily inject obfuscated yanz backdoor PHP scripts in your document root and will hijack your Wordpress site. THREE of my customers websites were hacked this week and the ONLY extension that they all have in common that recently got installed is Disable XML-RPC-API. They literally have nothing else in common and they don't know each other nor use the same theme nor even the same Wordpress release. BE WARNED.