PHPackages itinerisltd/itineris-disable-xml-rpc - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. itinerisltd/itineris-disable-xml-rpc ActiveWordpress-plugin[Security](/categories/security) itinerisltd/itineris-disable-xml-rpc ==================================== Disable WordPress XML-RPC via actions and filters. 0.2.0(3y ago)634.0k↑16.7%2[1 issues](https://github.com/ItinerisLtd/itineris-disable-xml-rpc/issues)GPL-2.0-or-laterPHPPHP ^7.4 || ^8.0 Since Aug 29Pushed 3y ago12 watchersCompare [ Source](https://github.com/ItinerisLtd/itineris-disable-xml-rpc)[ Packagist](https://packagist.org/packages/itinerisltd/itineris-disable-xml-rpc)[ Docs](https://itinerisltd.github.io/itineris-disable-xml-rpc/)[ RSS](/packages/itinerisltd-itineris-disable-xml-rpc/feed)WikiDiscussions master Synced 1mo ago READMEChangelogDependenciesVersions (5)Used By (0) Itineris Disable XML-RPC ======================== [](#itineris-disable-xml-rpc) [![Packagist Version](https://camo.githubusercontent.com/970d225b5944afa760a4f680758a86538c1b5f52526826f59ebc3dc82639f6da/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f6974696e657269736c74642f6974696e657269732d64697361626c652d786d6c2d7270632e737667)](https://packagist.org/packages/itinerisltd/itineris-disable-xml-rpc)[![PHP from Packagist](https://camo.githubusercontent.com/5352989aac188c69fc1218f301f73002794cfff65980457c846fe5dfa3c5b854/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f7068702d762f6974696e657269736c74642f6974696e657269732d64697361626c652d786d6c2d7270632e737667)](https://packagist.org/packages/itinerisltd/itineris-disable-xml-rpc)[![Packagist Downloads](https://camo.githubusercontent.com/c6f86fe70d010ff429319a2b8d72c744a15345ffa39d64d71547852116387a33/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f6974696e657269736c74642f6974696e657269732d64697361626c652d786d6c2d7270632e737667)](https://packagist.org/packages/itinerisltd/itineris-disable-xml-rpc)[![GitHub License](https://camo.githubusercontent.com/bfec4ec41a8080119cde0dd7f500aa4358842b2b3ee36097a10dd3c3c7202762/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6c6963656e73652f6974696e657269736c74642f6974696e657269732d64697361626c652d786d6c2d7270632e737667)](https://github.com/ItinerisLtd/itineris-disable-xml-rpc/blob/master/LICENSE)[![Hire Itineris](https://camo.githubusercontent.com/28070f6fe57ce0e650e45ceddf0f294c6ebb8e5248af50e801ed5d81026c076c/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f486972652d4974696e657269732d6666363962342e737667)](https://www.itineris.co.uk/contact/) - [Goal](#goal) - [Why disable WordPress XML-RPC?](#why-disable-wordpress-xml-rpc) - [How?](#how) - [Requirements](#requirements) - [Installation](#installation) - [Alternative Installation](#alternative-installation) - [Known Issues](#known-issues) - [Incompatible Plugins](#incompatible-plugins) - [FAQs](#faqs) - [Can I use this with Trellis?](#can-i-use-this-with-trellis) - [Will you add support for older PHP versions?](#will-you-add-support-for-older-php-versions) - [It looks awesome. Where can I find some more goodies like this?](#it-looks-awesome-where-can-i-find-some-more-goodies-like-this) - [This isn't on wp.org. Where can I give a ⭐️⭐️⭐️⭐️⭐️ review?](#this-isnt-on-wporg-where-can-i-give-a-%EF%B8%8F%EF%B8%8F%EF%B8%8F%EF%B8%8F%EF%B8%8F-review) - [Feedback](#feedback) - [Change Log](#change-log) - [Security](#security) - [Credits](#credits) - [License](#license) Goal ---- [](#goal) Disable [WordPress XML-RPC](https://codex.wordpress.org/XML-RPC_Support) (i.e: `/wp/xmlrpc.php`) via actions and filters. Especially for those who can't control their servers, for example: [Kinsta](http://bit.ly/kinsta-com), [WP Engine](https://typist.tech/go/wp-engine) or other managed hosting. Why disable WordPress XML-RPC? ------------------------------ [](#why-disable-wordpress-xml-rpc) - [Kinsta: What is WordPress XML-RPC and How To Stop an Attack](http://bit.ly/kinsta-xml-rpc) - [WPMU DEV: XML-RPC and Why It’s Time to Remove it for WordPress Security](http://bit.ly/2C8TYtt) - [Sucuri: New Brute Force Attacks Exploiting XMLRPC in WordPress](http://bit.ly/2NwgQnX) - [Incapsula: WordPress Default Leaves Millions of Sites Exploitable for DDoS Attacks](http://bit.ly/2wtbpP6) - [LittleBizzy: How (And Why) To Disable WordPress XML-RPC](http://bit.ly/2LARmUr) How? ---- [](#how) Using actions and filters: - [xmlrpc\_enabled](https://developer.wordpress.org/reference/hooks/xmlrpc_enabled/) Disable all XML-RPC methods which require authentication. Note: The name is [misleading](https://developer.wordpress.org/reference/hooks/xmlrpc_enabled/#description)! - [xmlrpc\_methods](https://developer.wordpress.org/reference/hooks/xmlrpc_methods/) Remove all built-in/third-party XML-RPC methods. - [xmlrpc\_element\_limit](https://developer.wordpress.org/reference/hooks/xmlrpc_element_limit/) Limit the number of elements to parse in an XML-RPC response. Thus, make most XML-RPC requests fail. Requirements ------------ [](#requirements) - WordPress 4.9.8 or later - PHP 7.0 or later Installation ------------ [](#installation) ``` $ composer require itinerisltd/itineris-disable-xml-rpc ``` ### Alternative Installation [](#alternative-installation) Upload [itineris-disable-xml-rpc.php](./itineris-disable-xml-rpc.php) to `wp-content/plugins`. Known Issues ------------ [](#known-issues) ### Incompatible Plugins [](#incompatible-plugins) Unfortunately, some plugins still relying [WordPress XML-RPC](https://codex.wordpress.org/XML-RPC_Support): - [Jetpack](https://jetpack.com/support/getting-started-with-jetpack/troubleshooting-tips/) FAQs ---- [](#faqs) ### Can I use this with Trellis? [](#can-i-use-this-with-trellis) Yes, but you have a better choice - [trellis-disable-xml-rpc](https://github.com/ItinerisLtd/trellis-disable-xml-rpc) This plugin is for those who can't control their servers, for example: [Kinsta](http://bit.ly/kinsta-com), [WP Engine](https://typist.tech/go/wp-engine) or other managed hosting. ### Will you add support for older PHP versions? [](#will-you-add-support-for-older-php-versions) Never! This plugin will only works on [actively supported PHP versions](https://secure.php.net/supported-versions.php). Don't use it on **end of life** or **security fixes only** PHP versions. ### It looks awesome. Where can I find some more goodies like this? [](#it-looks-awesome-where-can-i-find-some-more-goodies-like-this) - Articles on [Itineris' blog](https://www.itineris.co.uk/blog/) - More projects on [Itineris' GitHub profile](https://github.com/itinerisltd) - Follow [@itineris\_ltd](https://twitter.com/itineris_ltd) and [@TangRufus](https://twitter.com/tangrufus) on Twitter - Hire [Itineris](https://www.itineris.co.uk/services/) to build your next awesome site ### This isn't on wp.org. Where can I give a ⭐️⭐️⭐️⭐️⭐️ review? [](#this-isnt-on-wporg-where-can-i-give-a-️️️️️-review) Thanks! Glad you like it. It's important to make my boss know somebody is using this project. Instead of giving reviews on wp.org, consider: - tweet something good with mentioning [@itineris\_ltd](https://twitter.com/itineris_ltd) - star this Github repo - watch this Github repo - write blog posts - submit pull requests - [hire Itineris](https://www.itineris.co.uk/services/) Feedback -------- [](#feedback) **Please provide feedback!** We want to make this library useful in as many projects as possible. Please submit an [issue](https://github.com/ItinerisLtd/itineris-disable-xml-rpc/issues/new) and point out what you do and don't like, or fork the project and make suggestions. **No issue is too small.** Change Log ---------- [](#change-log) Please see [CHANGELOG](./CHANGELOG.md) for more information on what has changed recently. Security -------- [](#security) If you discover any security related issues, please email instead of using the issue tracker. Credits ------- [](#credits) [Itineris Disable XML-RPC](https://github.com/ItinerisLtd/itineris-disable-xml-rpc) is a [Itineris Limited](https://www.itineris.co.uk/) project created by [Tang Rufus](https://typist.tech). Full list of contributors can be found [here](https://github.com/ItinerisLtd/itineris-disable-xml-rpc/graphs/contributors). License ------- [](#license) [Itineris Disable XML-RPC](https://github.com/ItinerisLtd/itineris-disable-xml-rpc) is licensed under the GPLv2 (or later) from the [Free Software Foundation](http://www.fsf.org/). Please see [License File](LICENSE) for more information. ### Health Score 34 — LowBetter than 77% of packages Maintenance17 Infrequent updates — may be unmaintained Popularity32 Limited adoption so far Community17 Small or concentrated contributor base Maturity60 Established project with proven stability Bus Factor1 Top contributor holds 54.5% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~774 days Total 3 Last Release 1266d ago PHP version history (2 changes)0.1.0PHP ^7.1 0.2.0PHP ^7.4 || ^8.0 ### Community Maintainers ![](https://www.gravatar.com/avatar/c1b05c8ed4ea3f68173555264d0226d5faeb7f315ed9df91890c351ef576ce72?d=identicon)[TangRufus](/maintainers/TangRufus) ![](https://www.gravatar.com/avatar/1f6b0052977c5b438b9677de0189a69e4c2aa7c945eedd76fa3adac30dab067c?d=identicon)[codepuncher](/maintainers/codepuncher) --- Top Contributors [![tangrufus](https://avatars.githubusercontent.com/u/2259834?v=4)](https://github.com/tangrufus "tangrufus (6 commits)")[![codepuncher](https://avatars.githubusercontent.com/u/8135396?v=4)](https://github.com/codepuncher "codepuncher (4 commits)")[![pacotole](https://avatars.githubusercontent.com/u/1313076?v=4)](https://github.com/pacotole "pacotole (1 commits)") --- Tags securitywordpresswordpress-pluginxml-rpcwordpresssecurityxml-rpc ### Embed Badge ![Health badge](/badges/itinerisltd-itineris-disable-xml-rpc/health.svg) ``` [![Health](https://phpackages.com/badges/itinerisltd-itineris-disable-xml-rpc/health.svg)](https://phpackages.com/packages/itinerisltd-itineris-disable-xml-rpc) ``` ### Alternatives [brain/nonces OOP package for WordPress to deal with nonces. 26227.1k1](/packages/brain-nonces) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)