XML-RPC Settings
Wordpress plugin
App Details
XML-RPC Settings
Configure XML-RPC methods to increase the security of your website:
Build-in features could be used for malicious purposes and cannot be disabled by default.
- Disable GET access
- XML-RPC API only responds to POST requests. Direct GET access is not needed and can be used to fingerprint websites and use them as XML-RPC zombies in later attacks.
- Disable system.multicall
- system.multicall method can be misused for amplification attacks.
- Disable system.listMethods
- system.listMethods method can be used for verifying attack scope.
Prevent malicious actors from enumerating usernames and credentials.
- Disable authenticated methods
- Methods requiring authentication, such as wp.getUsersBlogs, are often used to brute-force your passwords.
Pingbacks are a helpful feature to discover back-links to your posts but can be misused for DDoS attacks or allow fingerprinting your WP version.
- Disable pingbacks
- Pingbacks are generally safe, but are often used for DDoS attacks via system.multicall.
- Remove X-Pingback header
- If you decide to disable pingbacks, it’s a good practice to remove the X-Pingback header return by your posts.
- Hide WordPress version when verifying pingbacks
- Pingbacks’ user-agent can reveal your exact WordPress version, even when hidden by other plugins.
- Hide WordPress version when sending pingbacks
- Pingbacks’ user-agent can reveal your exact WordPress version, even when hidden by other plugins.
Unnecessary XML-RPC API, leave enabled if you are not sure.
- Disable Demo API
- Remove demo.sayHello and demo.addTwoNumbers methods, as they are not needed.
- Disable Blogger API
- WordPress supports the Blogger XML-RPC API methods.
- Disable MetaWeblog API
- WordPress supports the metaWeblog XML-RPC API.
- Disable MovableType API
- WordPress supports the MovableType XML-RPC API.
If you are using some integrations or WP mobile applications, it might be a good idea to allow XML-RPC only to specific IPs.
- Allow XML-RPC only for
- IP comma separated eg. 192.168.10.242, 192.168.10.241
It is possible to hide a message between the allowed methods when system.listMethods is called (not recommended).
- Add message to XML-RPC methods
- We are hiring! Check jobs.yourdomains.com
Pricing
Starting from $0 per month.
App Info
Rating
Reviewers
No reviews
Tags
Developed By
vavkamil
Quick & Easy
Find the Best Wordpress plugins for you
Common Ninja has a large selection of powerful Wordpress plugins that are easy to use, fully customizable, mobile-friendly and rich with features — so be sure to check them out!
Testimonial
Testimonial plugins for Wordpress
Galleries
Galleries plugins for Wordpress
SEO
SEO plugins for Wordpress
Contact Form
Contact Form plugins for Wordpress
Forms
Forms plugins for Wordpress
Social Feeds
Social Feeds plugins for Wordpress
Social Sharing
Social Sharing plugins for Wordpress
Events Calendar
Events Calendar plugins for Wordpress
Sliders
Sliders plugins for Wordpress
Analytics
Analytics plugins for Wordpress
Reviews
Reviews plugins for Wordpress
Comments
Comments plugins for Wordpress
Portfolio
Portfolio plugins for Wordpress
Maps
Maps plugins for Wordpress
Security
Security plugins for Wordpress
Translation
Translation plugins for Wordpress
Ads
Ads plugins for Wordpress
Video Player
Video Player plugins for Wordpress
Music Player
Music Player plugins for Wordpress
Backup
Backup plugins for Wordpress
Privacy
Privacy plugins for Wordpress
Optimize
Optimize plugins for Wordpress
Chat
Chat plugins for Wordpress
Countdown
Countdown plugins for Wordpress
Email Marketing
Email Marketing plugins for Wordpress
Tabs
Tabs plugins for Wordpress
Membership
Membership plugins for Wordpress
popup
popup plugins for Wordpress
SiteMap
SiteMap plugins for Wordpress
Payment
Payment plugins for Wordpress
Coming Soon
Coming Soon plugins for Wordpress
Ecommerce
Ecommerce plugins for Wordpress
Customer Support
Customer Support plugins for Wordpress
Inventory
Inventory plugins for Wordpress
Video Player
Video Player plugins for Wordpress
Testimonials
Testimonials plugins for Wordpress
Tabs
Tabs plugins for Wordpress
Social Sharing
Social Sharing plugins for Wordpress
Social Feeds
Social Feeds plugins for Wordpress
Slider
Slider plugins for Wordpress
Reviews
Reviews plugins for Wordpress
Portfolio
Portfolio plugins for Wordpress
Membership
Membership plugins for Wordpress
Forms
Forms plugins for Wordpress
Events Calendar
Events Calendar plugins for Wordpress
Contact
Contact plugins for Wordpress
Comments
Comments plugins for Wordpress
Analytics
Analytics plugins for Wordpress
Common Ninja Apps
Some of the best Common Ninja plugins for Wordpress
Browse our extensive collection of compatible plugins, and easily embed them on any website, blog, online store, e-commerce platform, or site builder.
Event Listings
Create event listings with an events board widget that displays upcoming activities clearly, helps visitors discover events, and supports easy management.
Image Magnifier
Use an image magnifier to let visitors zoom in on photos, view fine details clearly, and enjoy a more accessible and informative visual experience.
Video Poll
Create interactive video polls that use engaging clips to boost participation, gather insights, and help visitors vote in a more dynamic way.
App Store Reviews
Show Apple App Store reviews to build trust, strengthen credibility, and help visitors make confident download decisions that support app growth.
RSS Feed
Show fresh content from any source with an RSS feed that keeps your site updated, improves navigation, and boosts user engagement.
Image Grid Slider
Showcase visuals with an image grid slider that blends a grid layout and carousel motion to create a dynamic, customizable, mobile friendly display.
Skill List
Showcase your abilities with a structured skill list that highlights strengths clearly, builds credibility, and improves your chances of getting hired.
Company Branch List
Present all your locations with a clear company branch list that helps customers find nearby offices, understand key details, and enjoy a smoother experience.
Comparison Tables
Add comparison tables to your site to help visitors evaluate features side by side, understand differences quickly, and choose the right option with confidence.
Device Mockup
Show products, apps, or designs inside a clean device mockup that improves visualization, builds credibility, and helps visitors make confident decisions.
Charts & Graphs
Add charts and graphs to your site to present data clearly, help visitors understand insights faster, and support more confident decision making.
Flip Card Builder
Add interactive two-sided cards with flip effects to present front and back content in a compact, engaging format.
More plugins
plugins You Might Like
Discover Apps By Platform
Discover the best apps for your website
Common Ninja Search Engine
The Common Ninja Search Engine platform helps website builders find the best site widgets, apps, plugins, tools, add-ons, and extensions! Compatible with all major website building platforms - big or small - and updated regularly, our Search Engine tool provides you with the business tools your site needs!
