Disable XML-RPC Pingback

Description

Stops abuse of your site’s XML-RPC by simply removing some methods used by attackers. While you can use the rest of XML-RPC methods.

This is more friendly than disabling totally XML-RPC, that it’s needed by some plugins and apps (I.e. Mobile apps or some Jetpack’s modules).

  • The original one.
  • Simple and effective.
  • No marketing buzz.
  • Maintained and updated when needed since 2014.
  • 100% compliant with WordPress coding standards which makes it fail safe.
  • 60,000+ active installations can’t be wrong.

If you’re happy with the plugin please don’t forget to give it a good rating, it will motivate me to keep sharing and improving this plugin (and others).

Features

Removes the following methods from XML-RPC interface.

  • pingback.ping
  • pingback.extensions.getPingbacks
  • X-Pingback from HTTP headers. This will hopefully stops some bots from trying to hit your xmlrpc.php file.

Requirements

  • WordPress 3.8.1 or higher.

Installation

  • Extract the zip file and just drop the contents in the wp-content/plugins/ directory of your WordPress installation (or install it directly from your dashboard) and then activate the plugin from Plugins page.
  • There’s not options page, simply install and activate.

Reviews

Miyzan 3, 2016 1 reply
I’m confused here… I see this plugin I’ve never heard of and I never installed… and the bad thing is; I can’t remove it! If this is a security plugin it sure doesn’t behave like it! It’s behaviour is a no-go for me. Update: My hosting provider admittd they have installed this plugin. But they never notified me. So now I’m giving a 5 star rating.
Read all 13 reviews

Contributors & Developers

“Disable XML-RPC Pingback” is open source software. The following people have contributed to this plugin.

Contributors

“Disable XML-RPC Pingback” has been translated into 14 locales. Thank you to the translators for their contributions.

Translate “Disable XML-RPC Pingback” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

1.2.2

  • Improved WP version checking to avoid a notice under certain versions of WP.

1.2.1

  • Minor changes to make code 100% compliant with WordPress Coding Standards.

1.2

  • Added support for X-Pingback header removal in recent versions of WP.

1.1

  • Added code to remove X-Pingback from HTTP headers as suggested by user https://wordpress.org/support/topic/remove-x-pingback-http-header

1.0

  • Initial release.