[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fzXqm-fmlTKhQ3kkqnrK53gal7NGY9Pf-1ZHGPRorTRU":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":16,"tags":17,"homepage":21,"download_link":22,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":34,"analysis":132,"fingerprints":157},"disable-pingbacks","Disable Pingbacks","1.0","Glen Scott","https:\u002F\u002Fprofiles.wordpress.org\u002Fglen_scott\u002F","\u003Cp>This plugin disables the Pingback functionality in your blog.\u003C\u002Fp>\n\u003Cp>If a request tries to use the pingback method, they will get an error:\u003C\u002Fp>\n\u003Cp>“server error. requested method pingback.ping does not exist.”\u003C\u002Fp>\n\u003Cp>Note:  Disabling pingbacks means you will not receive notifications when other blogs link to your content.\u003C\u002Fp>\n","This plugin disables the Pingback functionality in your blog.",100,3278,0,"2017-11-12T21:32:00.000Z","4.9.29","",[18,19,20],"ping-backs","security","xmlrpc","http:\u002F\u002Fwww.glenscott.co.uk\u002Fdisable-pingbacks\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-pingbacks.1.0.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":28,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":31,"avg_patch_time_days":32,"trust_score":31,"computed_at":33},"glen_scott",4,920,80,30,"2026-04-04T09:03:20.850Z",[35,57,75,96,115],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":45,"num_ratings":29,"last_updated":46,"tested_up_to":47,"requires_at_least":48,"requires_php":16,"tags":49,"homepage":54,"download_link":55,"security_score":56,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"manage-xml-rpc","Manage XML-RPC","1.0.2","brainvireinfo","https:\u002F\u002Fprofiles.wordpress.org\u002Fbrainvireinfo\u002F","\u003Cp>You can now disable XML-RPC to avoid Brute force attack for given IPs or can even enable access for some IPs. XML-RPC on WordPress is actually an API that gives developers who build mobile apps, desktop apps and other services, the ability to talk to a WordPress site. The XML-RPC API that WordPress provides gives developers, a way to write applications (for you) that can do many of the things that you can do when logged into WordPress via the web interface.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cp>Block XML-RPC by following way.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disable pingback.ping, pingback.extensions.getPingbacks and Unset X-Pingback from HTTP headers, that will block bots to access specified method.\u003C\u002Fli>\n\u003Cli>Disable\u002FBlock XML-RPC for all users.\u003C\u002Fli>\n\u003C\u002Ful>\n","Enable\u002FDisable XML-RPC for all or based on IP list, also you can control pingback and Unset X-Pingback from HTTP headers.",6000,64108,60,"2024-12-02T07:10:00.000Z","6.7.5","4.0",[50,51,19,52,53],"block-xml-rpc","brute-force-attacks","xml-rpc-pingback","xmlrpc-php-attack","http:\u002F\u002Fwww.brainvire.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmanage-xml-rpc.1.0.2.zip",92,{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":43,"downloaded":65,"rating":11,"num_ratings":29,"last_updated":66,"tested_up_to":67,"requires_at_least":68,"requires_php":69,"tags":70,"homepage":16,"download_link":74,"security_score":11,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"stop-xml-rpc-attacks","Stop XML-RPC Attacks","2.0.0","Pascal CESCATO","https:\u002F\u002Fprofiles.wordpress.org\u002Fpcescato\u002F","\u003Cp>Stop XML-RPC Attacks protects your WordPress site from XML-RPC brute force attacks, DDoS attempts, and reconnaissance probes while maintaining compatibility with essential services like Jetpack and WooCommerce.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Three security modes: Full Disable, Guest Disable, or Selective Blocking\u003C\u002Fli>\n\u003Cli>Blocks dangerous methods: system.multicall, pingback.ping, and more\u003C\u002Fli>\n\u003Cli>Compatible with Jetpack and WooCommerce\u003C\u002Fli>\n\u003Cli>Optional user enumeration blocking\u003C\u002Fli>\n\u003Cli>Attack logging for monitoring\u003C\u002Fli>\n\u003Cli>Zero configuration required – works out of the box\u003C\u002Fli>\n\u003Cli>Clean, intuitive admin interface\u003C\u002Fli>\n\u003C\u002Ful>\n","Blocks dangerous XML-RPC methods while preserving Jetpack, WooCommerce, and mobile apps compatibility.",26717,"2026-01-01T13:41:00.000Z","6.9.4","6.0","7.4",[71,72,73,19,20],"brute-force","ddos","jetpack","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fstop-xml-rpc-attacks.2.0.0.zip",{"slug":76,"name":77,"version":78,"author":79,"author_profile":80,"description":81,"short_description":82,"active_installs":83,"downloaded":84,"rating":11,"num_ratings":85,"last_updated":86,"tested_up_to":87,"requires_at_least":88,"requires_php":89,"tags":90,"homepage":94,"download_link":95,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"rest-xmlrpc-data-checker","REST XML-RPC Data Checker","1.4.0","Enrico Sorcinelli","https:\u002F\u002Fprofiles.wordpress.org\u002Fenricosorcinelli\u002F","\u003Cp>JSON REST API and XML-RPC API are powerful ways to remotely interact with WordPress.\u003C\u002Fp>\n\u003Cp>If you don’t have external applications that need to communicate with your WordPress instance using JSON REST API or XML-RPC API you should disable access to them for external requests.\u003C\u002Fp>\n\u003Cp>In the standard WordPress installation JSON REST API and XML-RPC API are enabled by default.\u003Cbr \u002F>\nIn particular the REST API is turned on also for unlogged users. This means that your WordPress instance is potentially leaking data, for example anyone could be able to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>copy easily your published contents natively with the REST API (and not with a web crawler);\u003C\u002Fli>\n\u003Cli>get the list of all users (with their ID, nickname and name);\u003C\u002Fli>\n\u003Cli>retrieve other information that you didn’t want to be public (such as an unlisted published page or a saved media not yet used).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Even if you could do the stuff by writing your own code using native filters, this plugin aims to help you to control JSON REST API and XML-RPC API accesses from the administration panel or programmatically by a simple API filter.\u003C\u002Fp>\n\u003Ch3>Basic Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Disable REST API\u003C\u002Fstrong> interface for unlogged users.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Disable JSONP support\u003C\u002Fstrong> on REST API.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Add Basic Authentication\u003C\u002Fstrong> to REST API.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Remove\u003C\u002Fstrong> REST \u003Ccode>\u003Clink>\u003C\u002Fcode> tags, REST \u003Ccode>Link\u003C\u002Fcode> HTTP header and REST Really Simple Discovery (RSD) informations.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Setup trusted users, IP\u002FNetworks and endpoints\u003C\u002Fstrong> for unlogged users REST requests.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Change REST endpoint prefix\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Disable XML-RPC API\u003C\u002Fstrong> interface.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Remove\u003C\u002Fstrong> \u003Ccode>\u003Clink>\u003C\u002Fcode> to the Really Simple Discovery (RDS) informations.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Remove\u003C\u002Fstrong> \u003Ccode>X-Pingback\u003C\u002Fcode> HTTP header.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Setup trusted users, IP\u002FNetworks and methods\u003C\u002Fstrong> for XML-RPC requests.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Show user’s access informations\u003C\u002Fstrong> in users list administration screen.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>Once the plugin is installed you can control settings in the following ways:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Using the \u003Cem>Settings->REST XML-RPC Data Checker\u003C\u002Fem> administration screen.\u003C\u002Fli>\n\u003Cli>Programmatically, by using \u003Ccode>rest_xmlrpc_data_checker_settings\u003C\u002Fcode> filter (see below).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>API\u003C\u002Fh3>\n\u003Ch4>Hooks\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>\u003Ccode>rest_xmlrpc_data_checker_settings\u003C\u002Fcode>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Filters plugin settings values.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>apply_filters( 'rest_xmlrpc_data_checker_settings', array $settings )\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>\u003Ccode>rest_xmlrpc_data_checker_admin_settings\u003C\u002Fcode>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Filter allowing to display or not the plugin settings page in the administration.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>apply_filters( 'rest_xmlrpc_data_checker_admin_settings', boolean $display )\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>\u003Ccode>rest_xmlrpc_data_checker_rest_error\u003C\u002Fcode>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Filter JSON REST authentication error after plugin checks.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>apply_filters( 'rest_xmlrpc_data_checker_rest_error', WP_Error|boolean $result )\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>\u003Ccode>xmlrpc_before_insert_post\u003C\u002Fcode>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Filter XML-RPC post data to be inserted via XML-RPC before to insert post into database.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>apply_filters( 'xmlrpc_before_insert_post', array|IXR_Error $content_struct, WP_User $user )\n\u003C\u002Fcode>\u003C\u002Fpre>\n","REST XML-RPC Data Checker allow to check JSON REST and XML-RPC API requests and grant access permissions.",1000,10954,3,"2022-08-04T06:44:00.000Z","6.0.11","4.4","5.2.4",[91,92,93,19,20],"api","json","rest","https:\u002F\u002Fgithub.com\u002Fenrico-sorcinelli\u002Frest-xmlrpc-data-checker","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frest-xmlrpc-data-checker.1.4.0.zip",{"slug":97,"name":98,"version":78,"author":99,"author_profile":100,"description":101,"short_description":102,"active_installs":83,"downloaded":103,"rating":11,"num_ratings":104,"last_updated":105,"tested_up_to":106,"requires_at_least":107,"requires_php":69,"tags":108,"homepage":113,"download_link":114,"security_score":11,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"simple-disable-xml-rpc","Simple Disable XML-RPC | Reduce Brute Force & DDOS Attacks","Delower Hossain","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpdelower\u002F","\u003Cp>\u003Cstrong>Simple Disable XML-RPC\u003C\u002Fstrong> is a lightweight, powerful WordPress plugin that gives you complete control over your site’s XML-RPC functionality. Protect your WordPress site from brute force attacks, DDoS attempts, and other XML-RPC security vulnerabilities with just one click.\u003C\u002Fp>\n\u003Ch3>🔒 Why Disable XML-RPC?\u003C\u002Fh3>\n\u003Cp>XML-RPC is a remote communication protocol that allows external applications to interact with your WordPress site. While useful for some services, it’s frequently exploited by attackers for:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Brute Force Attacks\u003C\u002Fstrong> – Automated password guessing attempts\u003C\u002Fli>\n\u003Cli>\u003Cstrong>DDoS Attacks\u003C\u002Fstrong> – Overwhelming your server with requests\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Resource Exhaustion\u003C\u002Fstrong> – Slowing down your website\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Pingback Vulnerabilities\u003C\u002Fstrong> – Exploiting pingback features\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>✨ Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>🎯 One-Click Control\u003C\u002Fstrong> – Modern toggle switch interface (NEW in v1.4.0)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🔐 Enhanced Security\u003C\u002Fstrong> – Block XML-RPC attacks instantly\u003C\u002Fli>\n\u003Cli>\u003Cstrong>⚡ Improved Performance\u003C\u002Fstrong> – Reduce server load and resource usage\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🎨 Beautiful Admin Interface\u003C\u002Fstrong> – Clean, modern card-based design (NEW in v1.4.0)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🌐 Translation Ready\u003C\u002Fstrong> – Fully internationalized and translation-ready\u003C\u002Fli>\n\u003Cli>\u003Cstrong>📱 Mobile Responsive\u003C\u002Fstrong> – Settings page works perfectly on all devices\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🧹 Clean Uninstall\u003C\u002Fstrong> – Removes all data when uninstalled\u003C\u002Fli>\n\u003Cli>\u003Cstrong>⚙️ Developer Friendly\u003C\u002Fstrong> – Well-coded, follows WordPress standards\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🔄 Regular Updates\u003C\u002Fstrong> – Actively maintained and tested with latest WordPress versions\u003C\u002Fli>\n\u003Cli>\u003Cstrong>💯 Lightweight\u003C\u002Fstrong> – No bloat, minimal impact on your site\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🆕 What’s New in Version 1.4.0\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>✅ Modern toggle switch replaces old checkbox\u003C\u002Fli>\n\u003Cli>✅ Beautiful card-based admin interface\u003C\u002Fli>\n\u003Cli>✅ Enhanced security with proper sanitization\u003C\u002Fli>\n\u003Cli>✅ Better code organization (OOP approach)\u003C\u002Fli>\n\u003Cli>✅ Improved accessibility and UX\u003C\u002Fli>\n\u003Cli>✅ Removes X-Pingback header when disabled\u003C\u002Fli>\n\u003Cli>✅ Fixed activation redirect for bulk installations\u003C\u002Fli>\n\u003Cli>✅ Better mobile responsive design\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🎯 Perfect For\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Security-focused website owners\u003C\u002Fli>\n\u003Cli>Sites that don’t use mobile apps or remote publishing\u003C\u002Fli>\n\u003Cli>Sites experiencing XML-RPC attacks\u003C\u002Fli>\n\u003Cli>Performance-conscious administrators\u003C\u002Fli>\n\u003Cli>Anyone wanting better control over WordPress features\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🔧 How It Works\u003C\u002Fh3>\n\u003Cp>This plugin uses the native WordPress \u003Ccode>xmlrpc_enabled\u003C\u002Fcode> filter to safely disable XML-RPC without modifying core files. Simply activate the plugin, toggle the switch on the settings page, and you’re protected!\u003C\u002Fp>\n\u003Ch3>⚠️ Important Note\u003C\u002Fh3>\n\u003Cp>Disabling XML-RPC may affect:\u003Cbr \u002F>\n* WordPress mobile apps\u003Cbr \u002F>\n* Jetpack (some features)\u003Cbr \u002F>\n* Remote publishing tools\u003Cbr \u002F>\n* Pingbacks and trackbacks\u003Cbr \u002F>\n* Third-party services that rely on XML-RPC\u003C\u002Fp>\n\u003Cp>Only disable XML-RPC if you don’t use these features.\u003C\u002Fp>\n\u003Ch3>🤝 Contributing & Bug Reports\u003C\u002Fh3>\n\u003Cp>Bug reports and pull requests are welcome on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWordPress-Satkhira-Community\u002Fsimple-disable-xml-rpc\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>. Help us make this plugin better!\u003C\u002Fp>\n\u003Ch3>💝 Support the Development\u003C\u002Fh3>\n\u003Cp>If you find this plugin helpful, please consider:\u003Cbr \u002F>\n* ⭐ \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fsimple-disable-xml-rpc\u002Freviews\u002F\" rel=\"ugc\">Rating it 5 stars\u003C\u002Fa>\u003Cbr \u002F>\n* 🐛 \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWordPress-Satkhira-Community\u002Fsimple-disable-xml-rpc\u002Fissues\" rel=\"nofollow ugc\">Reporting bugs\u003C\u002Fa>\u003Cbr \u002F>\n* 💬 \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWordPress-Satkhira-Community\u002Fsimple-disable-xml-rpc\u002Fissues\" rel=\"nofollow ugc\">Suggesting features\u003C\u002Fa>\u003Cbr \u002F>\n* ☕ \u003Ca href=\"https:\u002F\u002Fwww.wpsatkhira.com\u002Fdonate\" rel=\"nofollow ugc\">Buying us a coffee\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>Simple Disable XML-RPC does not:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Collect any user data\u003C\u002Fli>\n\u003Cli>Store any personal information\u003C\u002Fli>\n\u003Cli>Make external API calls\u003C\u002Fli>\n\u003Cli>Use cookies or tracking\u003C\u002Fli>\n\u003Cli>Send data to third parties\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The plugin only stores one setting in your WordPress database: whether XML-RPC is enabled or disabled.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Need help? We’re here for you!\u003C\u002Fp>\n\u003Cul>\n\u003Cli>📖 \u003Ca href=\"https:\u002F\u002Fwww.wpsatkhira.com\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>💬 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fsimple-disable-xml-rpc\u002F\" rel=\"ugc\">Support Forum\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>🐛 \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWordPress-Satkhira-Community\u002Fsimple-disable-xml-rpc\u002Fissues\" rel=\"nofollow ugc\">Report Bugs\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>⭐ \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fsimple-disable-xml-rpc\u002Freviews\u002F\" rel=\"ugc\">Rate Plugin\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Developed with ❤️ by \u003Ca href=\"https:\u002F\u002Fwww.wpsatkhira.com\" rel=\"nofollow ugc\">WordPress Satkhira Community\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Contributors:\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fwpdelower\u002F\" rel=\"nofollow ugc\">wpdelower\u003C\u002Fa>\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fmonarchwp23\u002F\" rel=\"nofollow ugc\">monarchwp23\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Special thanks to all our users and contributors who help make this plugin better!\u003C\u002Fp>\n","Simply disable XML-RPC on your WordPress site with a simple toggle switch. Protect your site from XML-RPC attacks and improve security.",8616,5,"2025-11-09T02:27:00.000Z","6.8.5","6.1",[109,110,111,112,20],"disable-xml","disable-xml-rpc","wordpress-security","xml","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsimple-disable-xml-rpc\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-disable-xml-rpc.1.4.0.zip",{"slug":116,"name":117,"version":118,"author":119,"author_profile":120,"description":121,"short_description":122,"active_installs":83,"downloaded":123,"rating":11,"num_ratings":124,"last_updated":125,"tested_up_to":67,"requires_at_least":126,"requires_php":127,"tags":128,"homepage":130,"download_link":131,"security_score":11,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"wee-remove-xmlrpc-methods","Remove XML-RPC Methods","1.4.1","Walter Ebert","https:\u002F\u002Fprofiles.wordpress.org\u002Fwalterebert\u002F","\u003Cp>This plugin does more than just using the \u003Ccode>xmlrpc_enabled\u003C\u002Fcode> hook, because that is only used “To disable XML-RPC methods that require authentication”.\u003C\u002Fp>\n\u003Cp>Activating this plugin will also disable pingbacks, trackbacks, and Really Simple Discovery (RSD), because these rely on XML-RPC.\u003C\u002Fp>\n\u003Cp>It works with any webserver, because it does not use the .htaccess file.\u003C\u002Fp>\n\u003Ch4>Testing the plugin\u003C\u002Fh4>\n\u003Cp>From the command line you can test if the plugin is working correctly using \u003Ca href=\"https:\u002F\u002Fcurl.haxx.se\u002F\" rel=\"nofollow ugc\">cURL\u003C\u002Fa>. Replace the \u003Ccode>example.com\u003C\u002Fcode> link to match your website:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>curl -d '\u003C?xml version=\"1.0\"?>\u003CmethodCall>\u003CmethodName>system.listMethods\u003C\u002FmethodName>\u003Cparams>\u003Cparam>\u003Cvalue>\u003Cstring\u002F>\u003C\u002Fvalue>\u003C\u002Fparam>\u003C\u002Fparams>\u003C\u002FmethodCall>' https:\u002F\u002Fexample.com\u002Fxmlrpc.php\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>This should only return the following methods:\u003Cbr \u002F>\n– \u003Ccode>system.multicall\u003C\u002Fcode>\u003Cbr \u002F>\n– \u003Ccode>system.listMethods\u003C\u002Fcode>\u003Cbr \u002F>\n– \u003Ccode>system.getCapabilities\u003C\u002Fcode>\u003C\u002Fp>\n","Remove all WordPress methods from the XML-RPC API to increase security.",11616,2,"2025-12-02T20:41:00.000Z","4.6","5.4.0",[19,129,20],"xml-rpc","https:\u002F\u002Fgitlab.com\u002Fwalterebert\u002Fwee-remove-xmlrpc-methods","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwee-remove-xmlrpc-methods.1.4.1.zip",{"attackSurface":133,"codeSignals":145,"taintFlows":152,"riskAssessment":153,"analyzedAt":156},{"hooks":134,"ajaxHandlers":141,"restRoutes":142,"shortcodes":143,"cronEvents":144,"entryPointCount":13,"unprotectedCount":13},[135],{"type":136,"name":137,"callback":138,"file":139,"line":140},"filter","xmlrpc_methods","closure","disable-pingbacks.php",12,[],[],[],[],{"dangerousFunctions":146,"sqlUsage":147,"outputEscaping":149,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":151},[],{"prepared":13,"raw":13,"locations":148},[],{"escaped":13,"rawEcho":13,"locations":150},[],[],[],{"summary":154,"deductions":155},"The \"disable-pingbacks\" v1.0 plugin exhibits a strong security posture based on the provided static analysis.  There are no identified entry points into the plugin's code that are exposed to attack without authentication, nor are there any evident dangerous functions, raw SQL queries, unescaped output, file operations, or external HTTP requests. The absence of any taint analysis findings further reinforces this positive assessment, indicating no pathways for unsanitized data to be processed.  Furthermore, the plugin's vulnerability history is completely clean, with no recorded CVEs of any severity, which is a significant indicator of robust development and security awareness.",[],"2026-03-16T21:00:35.944Z",{"wat":158,"direct":163},{"assetPaths":159,"generatorPatterns":160,"scriptPaths":161,"versionParams":162},[],[],[],[],{"cssClasses":164,"htmlComments":165,"htmlAttributes":166,"restEndpoints":167,"jsGlobals":168,"shortcodeOutput":169},[],[],[],[],[],[]]