Remove XML-RPC Methods

This plugin does more than just using the xmlrpc_enabled hook, because that is only used “To disable XML-RPC methods that require authentication”.

Activating this plugin will also disable pingbacks, trackbacks, and Really Simple Discovery (RSD), because these rely on XML-RPC.

It works with any webserver, because it does not use the .htaccess file.

Testing the plugin

From the command line you can test if the plugin is working correctly using cURL. Replace the example.com link to match your website:

curl -d '<?xml version="1.0"?><methodCall><methodName>system.listMethods</methodName><params><param><value><string/></value></param></params></methodCall>' https://example.com/xmlrpc.php

This should only return the following methods:
– system.multicall
– system.listMethods
– system.getCapabilities

1. Download the plugin and unzip it. Copy the files to the /wp-content/plugins/wee-remove-xmlrpc-methods directory
2. Activate the plugin through the ‘Plugins’ menu in WordPress

1.4.1

• Updated description and tags

1.4.0

• Tested with PHP 8.0
• Tested WordPress up to version 5.6.

1.3.1

• Correct description

1.3.0

• Replace PHP header function with http_response_code.
• Update readme.txt.
• Raise minimal supported WordPress version to 4.6.
• Tested WordPress up to version 5.5.

1.2.0

• Replace pings_open action function with built-in function.
• Increase pings_open action priority.
• Raise minimal supported WordPress version to 4.4.
• Tested WordPress up to version 5.4.

1.1.0

• Deactivate pingbacks on install.
• Remove RSD link reference.