Disables the XML-RPC API in WordPress 3.5+, which is enabled by default.
Pretty simply, this plugin uses the built-in WordPress filter “xmlrpc_enabled” to disable the XML-RPC API on a WordPress site running 3.5 or above.
Beginning in 3.5, XML-RPC is enabled by default. Additionally, the option to disable/enable XML-RPC was removed. For various reasons, site owners may wish to disable this functionality. This plugin provides an easy way to do so.
/wp-content/plugins/ directory in your WordPress installation
To re-enable XML-RPC, just deactivate the plugin through the ‘Plugins’ menu.
View the FAQ about “How do I know if the plugin is working?” to verify that this is working as intended.
An example of the error that the WordPress mobile app will return when this plugin is enabled. This is expected and indicates that the plugin is working as intended.
An example of a curl command attempting to request data via XML-RPC calls to the site when the plugin is enabled. The error "XML-RPC services are disabled on this site" is expected and indicates that the plugin is working as intended.
An example of Danilo Ercoli's XML-RPC validator run against the site when the plugin is enabled. The error "Method not allowed" is expected and indicates that the plugin is working as intended.
No. This plugin is as simple as XML-RPC is off (plugin activated) or XML-RPC is on (plugin is deactivated).
There are a few easy methods for checking if XML-RPC is off:
See the screenshots for examples of what these tools will return when the plugin is enabled.
If the plugin is activated but XML-RPC still appears to be working, or the plugin is deactivated but XML-RPC is not working, then another plugin or theme function may be affecting the xmlrpc_enabled filter. Additionally, the server configuration could be blocking XML-RPC (for example, by blocking access to xmlrpc.php in the .htaccess file).
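The curl check and the troubleshooting cases above can be combined into one script; this is an added example, not part of the plugin or its documentation. It sends a single authenticated XML-RPC call and separates the "XML-RPC services are disabled on this site" fault from a server-level block on xmlrpc.php. The function names, verdict labels, placeholder credentials and the choice of `wp.getUsersBlogs` as the probe method are assumptions.

```shell
#!/bin/sh
# Added example: tell "disabled by the xmlrpc_enabled filter" apart from
# "blocked by the web server" and "still enabled".

# Constructed probe: an authenticated method call with placeholder credentials.
XMLRPC_PROBE='<?xml version="1.0"?>
<methodCall><methodName>wp.getUsersBlogs</methodName><params>
<param><value><string>placeholder-user</string></value></param>
<param><value><string>placeholder-pass</string></value></param>
</params></methodCall>'

# classify_xmlrpc HTTP_STATUS BODY -> prints one verdict (labels are hypothetical)
classify_xmlrpc() {
  case "$1" in
    000)         echo "unreachable"; return 0 ;;
    401|403|404) echo "blocked-by-server"; return 0 ;;
  esac
  case "$2" in
    *'XML-RPC services are disabled on this site'*) echo "disabled-by-filter" ;;
    *'<methodResponse>'*)                           echo "enabled" ;;
    *)                                              echo "unknown" ;;
  esac
}

# probe_xmlrpc SITE_URL -> POST the probe to SITE_URL/xmlrpc.php and classify it.
# The body runs in a subshell so its variables stay local.
probe_xmlrpc() (
  tmp="$(mktemp)" || exit 1
  trap 'rm -f "$tmp"' EXIT
  status="$(curl -s -o "$tmp" -w '%{http_code}' --max-time 10 \
    -H 'Content-Type: text/xml' --data "$XMLRPC_PROBE" "${1%/}/xmlrpc.php")" \
    || status=000
  classify_xmlrpc "$status" "$(cat "$tmp")"
)

# Only touch the network when a site URL is passed on the command line.
if [ "$#" -gt 0 ]; then probe_xmlrpc "$1"; fi
```

A verdict of `enabled` while the plugin is activated points to something else affecting the xmlrpc_enabled filter. A verdict of `blocked-by-server` while the plugin is deactivated points to the server configuration.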