Disable XML-RPC

Beschreibung

Pretty simply, this plugin uses the built-in WordPress filter „xmlrpc_enabled“ to disable the XML-RPC API on a WordPress site running 3.5 or above.

Seit der WordPress-Version 3.5 ist die XML-RPC-Schnittstelle standardmäßig aktiviert. Außerdem wurde die Option entfernt, XML-RPC per Klick zu deaktivieren. Es gibt jedoch zahlreiche Gründe, warum man als Websitebetreiber diese Schnittstelle abschalten möchte. Dieses Plugin bietet eine einfache Möglichkeit, genau dies zu tun.

Screenshots

  • An example of the error that the WordPress mobile app will return when this plugin is enabled. This is expected and indicates that the plugin is working as intended.
  • An example of a curl command attempting to request data via XML-RPC calls to the site when the plugin is enabled. The error "XML-RPC services are disabled on this site" is expected and indicates that the plugin is working as intended.
  • An example of Danilo Ercoli's XML-RPC validator run against the site when the plugin is enabled. The error "Method not allowed" is expected and indicates that the plugin is working as intended.

Installation

  1. Lade den Ordner „disable-xml-rpc“ in das Verzeichnis /wp-content/plugins/ deiner WordPress-Installation hoch
  2. Aktiviere das Plugin im „Plugins“-Menü in WordPress
  3. The WordPress XML-RPC methods are now disabled!

Um XML-RPC wieder einzuschalten, musst du lediglich im „Plugins“-Menu das Plugin deaktivieren.

View the FAQ about „How do I know if the plugin is working?“ to verify that this is working as intended.

FAQ

Gibt es eine Bedienoberfläche für dieses Plugin?

Nein. Die Funktion ist so einfach, dass dies nicht nötig ist: Sobald das Plugin aktiviert ist, ist XML-RPC ausgeschaltet – und sobald das Plugin deaktiviert ist, ist XML-RPC wieder aktiv.

Woher weiß ich, dass das Plugin funktioniert?

There are a few easy methods for checking if XML-RPC is off:

  1. Try using an XML-RPC WordPress client, like the official WordPress mobile apps. The WordPress mobile app should tell you that „XML-RPC services are disabled on this site“ if the plugin is activated.
  2. Use the curl command to send an XML-RPC request to your site. If the response contains „XML-RPC services are disabled on this site“ then the plugin is working properly and WordPress will not send data back to XML-RPC requests.
  3. Try the XML-RPC Validator, written by Danilo Ercoli of the Automattic Mobile Team – the tool is available at http://xmlrpc.eritreo.it/. Information and source code for the tool are available on GitHub at https://github.com/daniloercoli/WordPress-XML-RPC-Validator. Keep in mind that you want the validator to fail and tell you that XML-RPC services are disabled.

See the screenshots for examples of what these tools will return when the plugin is enabled.

Etwas scheint nicht richtig zu funktionieren

If the plugin is activated, but XML-RPC appears to still be working … OR … the plugin is deactivated, but XML-RPC is not working, then it’s possible that another plugin or theme function is affecting the xmlrpc_enabled filter. Additionally, server configurations could be blocking XML-RPC (i.e. blocking access to xmlrpc.php in the .htaccess file).

Rezensionen

18. August 2021
I have used this product on a dozen of the websites I have built and have had positive results without exception. This plugin simplifies the process of securing my websites by disabling XML-RPC, and has worked on all versions of WordPress I have used it with over the past couple of years. Great product, Highly recommended!
5. Juni 2020
I'll add my voice to the growing choir of people saying this plugin no long works, unfortunately. At least not with WordPress v5.4.1. On the plus, all one has to do is change the permission of the xmlrpc.php (in the root of any WordPress domain) to 600, and problem solved.
15. September 2017
Thanks for this plugin. There's an instruction on FAQ on how to confirm if it's already working or not.
Alle 23 Rezensionen lesen

Mitwirkende & Entwickler

„Disable XML-RPC“ ist Open-Source-Software. Folgende Menschen haben an diesem Plugin mitgewirkt:

Mitwirkende

Übersetze „Disable XML-RPC“ in deine Sprache.

Interessiert an der Entwicklung?

Durchstöbere den Code, sieh dir das SVN Repository an oder abonniere das Entwicklungsprotokoll per RSS.

Änderungsprotokoll

1.0.1

  • Leerzeilen im Quellcode entfernt

1.0

  • Erstveröffentlichung