Disable XML-RPC-API

Disable XML-RPC-API

Wordpress plugin

Install on Wordpress

App Details

Protect your website from xmlrpc brute-force attacks,DOS and DDOS attacks, this plugin disables the XML-RPC and trackbacks-pingbacks on your WordPress website.

PLUGIN FEATURES
(These are options you can enable or disable each one)

  • Disable access to xmlrpc.php file using .httacess file
  • Automatically change htaccess file permission to read-only (0444)
  • Disable X-pingback to minimize CPU usage
  • Disable selected methods from XML-RPC
  • Remove pingback-ping link from header
  • Disable trackbacks and pingbacks to avoid spammers and hackers
  • Rename XML-RPC slug to whatever you want
  • Black list IPs for XML-RPC
  • White list IPs for XML-RPC
  • Some options to speed-up your wordpress website
  • Disable JSON REST API
  • Hide WordPress Version
  • Disable built-in WordPress file editor
  • Disable wlw manifest
  • And some other options

What is XMLRPC

XML-RPC, or XML Remote Procedure Call is a protocol which uses XML to encode its calls and HTTP as a transport mechanism.
Beginning in WordPress 3.5, XML-RPC is enabled by default. Additionally, the option to disable/enable XML-RPC was removed. For various reasons, site owners may wish to disable this functionality. This plugin provides an easy way to do so.

Why you should disable XML-RPC
Xmlrpc has two main weaknesses

  • Brute force attacks:
    Attackers try to login to WordPress using xmlrpc.php with as many username/password combinations as they can enter. A method within xmlrpc.php allows the attacker to use a single command (system.multicall) to guess hundreds of passwords. Daniel Cid at Sucuri described it well in October 2015: “With only 3 or 4 HTTP requests, the attackers could try thousands of passwords, bypassing security tools that are designed to look and block brute force attempts.”
  • Denial of Service Attacks via Pingback:
    Back in 2013, attackers sent Pingback requests through xmlrpc.php of approximately 2500 WordPress sites to “herd (these sites) into a voluntary botnet,” according to Gur Schatz at Incapsula. “This gives any attacker a virtually limitless set of IP addresses to Distribute a Denial of Service attack across a network of over 100 million WordPress sites, without having to compromise them.”

Pricing

Starting from $0 per month.

Check Out the Yelp Reviews Widget

By Common Ninja

Yelp ReviewsTry For Free!

App Info

Rating

Reviewers

40 reviews

Tags

disable xml-rpc
disable xmlrpc
xml-rpc
xmlrpc

Developed By

Amin Nazemi

Quick & Easy

Find the Best Wordpress plugins for you

Common Ninja has a large selection of powerful Wordpress plugins that are easy to use, fully customizable, mobile-friendly and rich with features — so be sure to check them out!

Testimonial

Testimonial plugins for Wordpress

Contact Form

Contact Form plugins for Wordpress

Maps

Maps plugins for Wordpress

Translation

Translation plugins for Wordpress

Chat

Chat plugins for Wordpress

Slider

Slider plugins for Wordpress

Reviews

Reviews plugins for Wordpress

Contact

Contact plugins for Wordpress

Galleries

Galleries plugins for Wordpress

SEO

SEO plugins for Wordpress

Forms

Forms plugins for Wordpress

Comments

Comments plugins for Wordpress

Backup

Backup plugins for Wordpress

Privacy

Privacy plugins for Wordpress

Optimize

Optimize plugins for Wordpress

Tabs

Tabs plugins for Wordpress

Social Sharing

Social Sharing plugins for Wordpress

Events Calendar

Events Calendar plugins for Wordpress

Comments

Comments plugins for Wordpress

Social Feeds

Social Feeds plugins for Wordpress

Social Sharing

Social Sharing plugins for Wordpress

Portfolio

Portfolio plugins for Wordpress

Video Player

Video Player plugins for Wordpress

popup

popup plugins for Wordpress

SiteMap

SiteMap plugins for Wordpress

Payment

Payment plugins for Wordpress

Coming Soon

Coming Soon plugins for Wordpress

Inventory

Inventory plugins for Wordpress

Testimonials

Testimonials plugins for Wordpress

Portfolio

Portfolio plugins for Wordpress

Membership

Membership plugins for Wordpress

Forms

Forms plugins for Wordpress

Analytics

Analytics plugins for Wordpress

Events Calendar

Events Calendar plugins for Wordpress

Sliders

Sliders plugins for Wordpress

Analytics

Analytics plugins for Wordpress

Reviews

Reviews plugins for Wordpress

Security

Security plugins for Wordpress

Ads

Ads plugins for Wordpress

Music Player

Music Player plugins for Wordpress

Countdown

Countdown plugins for Wordpress

Email Marketing

Email Marketing plugins for Wordpress

Membership

Membership plugins for Wordpress

Ecommerce

Ecommerce plugins for Wordpress

Customer Support

Customer Support plugins for Wordpress

Video Player

Video Player plugins for Wordpress

Tabs

Tabs plugins for Wordpress

Social Feeds

Social Feeds plugins for Wordpress

Common Ninja Apps

Some of the best Common Ninja plugins for Wordpress

Browse our extensive collection of compatible plugins, and easily embed them on any website, blog, online store, e-commerce platform, or site builder.

Yelp Reviews for Wordpress logo

Yelp Reviews

Show Yelp reviews to build trust, strengthen credibility, and help visitors make confident decisions that support higher sales.

Pomodoro Timer for Wordpress logo

Pomodoro Timer

Add a Pomodoro timer to your site so users can structure focus and break cycles, improving time management and productivity.

Real Estate Listings for Wordpress logo

Real Estate Listings

Create real estate listings with a listings widget that displays properties clearly, supports customization, and helps visitors explore homes more easily.

Social Proof for Wordpress logo

Social Proof

Show social proof that displays real user activity to build trust instantly, boost credibility, and help increase conversions across your site.

Team Member List for Wordpress logo

Team Member List

Present your team with a structured team member list that builds trust, supports credibility, and helps visitors connect with the people behind your brand.

Tilted Image for Wordpress logo

Tilted Image

Use tilted image effects to rotate visuals, add creative style, and keep visitors engaged with dynamic images on your site.

My Reviews on Amazon for Wordpress logo

My Reviews on Amazon

Show your Amazon product reviews with My Reviews on Amazon to build trust, boost credibility, and help visitors make confident purchase decisions.

Count-Up Clock for Wordpress logo

Count-Up Clock

Track time since important events with a count up clock that displays elapsed days and hours and keeps visitors engaged.

Instagram Slider for Wordpress logo

Instagram Slider

Add an Instagram slider to your site to display social posts dynamically and keep your visual content engaging and current.

Mastodon Feed for Wordpress logo

Mastodon Feed

Show Mastodon posts in a live Mastodon feed that keeps content fresh, strengthens your social presence, and helps visitors engage with your updates.

YouTube Carousel for Wordpress logo

YouTube Carousel

Show YouTube videos with a YouTube carousel that displays clips in a smooth, customizable layout to boost visibility and keep visitors engaged.

Google Play Reviews for Wordpress logo

Google Play Reviews

Show Google Play reviews for your Android app to build trust, strengthen credibility, and help visitors make confident download decisions.

More plugins

plugins You Might Like

Discover Apps By Platform

Discover the best apps for your website

WordPress
Wix
Shopify
Weebly
Webflow
Joomla
PrestaShop
Shift4Shop
WebsiteX5
MODX
Opencart
NopCommerce

Common Ninja Search Engine

The Common Ninja Search Engine platform helps website builders find the best site widgets, apps, plugins, tools, add-ons, and extensions! Compatible with all major website building platforms - big or small - and updated regularly, our Search Engine tool provides you with the business tools your site needs!

Multiple platforms