XML-RPC Settings

Configure XML-RPC methods to increase the security of your website:

Built-in features that can be used for malicious purposes and cannot be disabled by default.

  • Disable GET access
    • XML-RPC API only responds to POST requests. Direct GET access is not needed and can be used to fingerprint websites and use them as XML-RPC zombies in later attacks.
  • Disable system.multicall
    • The system.multicall method can be misused for amplification attacks.
  • Disable system.listMethods
    • The system.listMethods method can be used for verifying attack scope.

Prevent malicious actors from enumerating usernames and credentials.

  • Disable authenticated methods
    • Methods requiring authentication, such as wp.getUsersBlogs, are often used to brute-force your passwords.

Pingbacks are a helpful feature to discover back-links to your posts but can be misused for DDoS attacks or allow fingerprinting your WP version.

  • Disable pingbacks
    • Pingbacks are generally safe, but are often used for DDoS attacks via system.multicall.
  • Remove X-Pingback header
    • If you decide to disable pingbacks, it’s a good practice to remove the X-Pingback header returned by your posts.
  • Hide WordPress version when verifying pingbacks
    • Pingbacks’ user-agent can reveal your exact WordPress version, even when hidden by other plugins.
  • Hide WordPress version when sending pingbacks
    • Pingbacks’ user-agent can reveal your exact WordPress version, even when hidden by other plugins.

Unnecessary XML-RPC APIs; leave them enabled if you are not sure.

  • Disable Demo API
    • Remove demo.sayHello and demo.addTwoNumbers methods, as they are not needed.
  • Disable Blogger API
    • WordPress supports the Blogger XML-RPC API methods.
  • Disable MetaWeblog API
    • WordPress supports the metaWeblog XML-RPC API.
  • Disable MovableType API
    • WordPress supports the MovableType XML-RPC API.

If you are using some integrations or WP mobile applications, it might be a good idea to allow XML-RPC only to specific IPs.

  • Allow XML-RPC only for
    • Comma-separated IP addresses, e.g. 192.168.10.242, 192.168.10.241

It is possible to hide a message among the allowed methods returned when system.listMethods is called (not recommended).

  • Add message to XML-RPC methods
    • We are hiring! Check jobs.yourdomains.com
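
A log-side counterpart to the settings above, as an added example that is not part of the plugin or of this page: a small Python audit that classifies one request to xmlrpc.php by the behaviours these options switch off. The finding labels, the batch threshold and the method list beyond wp.getUsersBlogs are assumptions made for the example.

```python
import xmlrpc.client

# wp.getUsersBlogs is the authenticated method named on the page; the other
# entries and the batch threshold are assumptions made for this example.
AUTHENTICATED = {"wp.getUsersBlogs", "wp.getProfile", "wp.getPosts"}
MAX_BATCH = 1  # nested calls tolerated in one system.multicall request


def audit_request(http_method, body=""):
    """Return a list of findings for one request sent to xmlrpc.php."""
    if http_method.upper() != "POST":
        return ["get-access"]  # the API only answers POST
    try:
        params, name = xmlrpc.client.loads(body)
    except Exception:
        return ["unparseable-body"]
    findings, calls = [], [name]
    if name == "system.multicall":
        # A multicall carries one array of {methodName, params} structs.
        batch = params[0] if params and isinstance(params[0], list) else []
        calls = [c.get("methodName") for c in batch if isinstance(c, dict)]
        if len(calls) > MAX_BATCH:
            findings.append(f"multicall-batch:{len(calls)}")
    authed = sum(1 for m in calls if m in AUTHENTICATED)
    if authed:
        findings.append(f"authenticated-calls:{authed}")
    if "system.listMethods" in calls:
        findings.append("method-enumeration")
    if any(str(m).startswith("pingback.") for m in calls):
        findings.append("pingback")
    if any(str(m).startswith("demo.") for m in calls):
        findings.append("demo-api")
    return findings


# Constructed sample: one POST body carrying three nested authenticated calls.
SAMPLE_MULTICALL = xmlrpc.client.dumps(
    ([{"methodName": "wp.getUsersBlogs", "params": ["user", "placeholder"]}
      for _ in range(3)],),
    "system.multicall",
)

if __name__ == "__main__":
    print(audit_request("GET"))
    print(audit_request("POST", SAMPLE_MULTICALL))
    print(audit_request("POST", xmlrpc.client.dumps((), "system.listMethods")))
```

A single request that yields both a multicall-batch and an authenticated-calls finding is the pattern the "Disable system.multicall" and "Disable authenticated methods" options are meant to stop.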

Pricing

Starting from $0 per month.

Tags

Brute Force
ddos
security
xmlrpc

Developed By

vavkamil
