Simple XML-RPC Disabler

Simple XML-RPC Disabler Install Statistics

0
100%
Today: 0 Yesterday: 0 All-time: 944 downloads
Simple XML-RPC Disabler Icon

Try plugin: Simple XML-RPC Disabler

We'll create fresh WordPress site with Simple XML-RPC Disabler installed. You have 20 minutes to test the plugin after that site we'll be deleted.

Takes ~10 seconds to install.

About Simple XML-RPC Disabler

This plugin completely disables the XML-RPC API which can be abused by hackers on a WordPress site, providing an easy and simple way to disable/enable …

0


0


0


0


0

updated: 3 years ago
since: 4 years ago
author: Vikash Chand

Description

What Is xmlrpc.php?

XML-RPC is a remote procedure call (RPC) protocol, a feature included in WordPress, which enables data to be transmitted. It uses HTTP as the transport mechanism, and XML to encode its calls.

Unless you use remote technologies and mobile applications to update your WordPress site, you might not be familiar with XML-RPC. For the uninitiated, you can use xmlrpc.php to establish a remote connection to WordPress, and make updates to your site without directly logging in to your WordPress system.

XML-RPC is indeed useful for enabling remote connections between various external applications and WordPress. On the other hand, disabling this feature can help improve your site’s security.

Why You Should Disable xmlrpc.php?

The problem is that xmlrpc.php poses a security risk. It creates an additional access point to your site, which could leave it vulnerable to external attacks. Every time you authenticate XML-RPC, you need to supply your username and password. As you can imagine, this isn’t exactly ideal for security purposes.

For example, in order to prevent brute force attacks, you can limit login attempts on your WordPress site. However, with XML-RPC enabled, that limit does not exist. There’s no capping on login attempts, which means it’s only a matter of time before a determined cybercriminal gains access.

By disabling the feature, you are closing a potential area of entry for hackers.

XML-RPC functionality is turned on by default since WordPress 3.5. This plugin completely disables the XML-RPC API which can be abused by hackers on a WordPress site, providing an easy and simple way to disable/enable the XML-RPC API.

Requirements

  • WordPress 3.8.1 or higher.