[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fOiYEMkJNG7kIngXpeHS-0Qks15MmDkhHT6Hkg-2LlSk":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":37,"analysis":134,"fingerprints":185},"simple-disable-xml-rpc","Simple Disable XML-RPC | Reduce Brute Force & DDOS Attacks","1.4.0","Delower Hossain","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpdelower\u002F","\u003Cp>\u003Cstrong>Simple Disable XML-RPC\u003C\u002Fstrong> is a lightweight, powerful WordPress plugin that gives you complete control over your site’s XML-RPC functionality. Protect your WordPress site from brute force attacks, DDoS attempts, and other XML-RPC security vulnerabilities with just one click.\u003C\u002Fp>\n\u003Ch3>🔒 Why Disable XML-RPC?\u003C\u002Fh3>\n\u003Cp>XML-RPC is a remote communication protocol that allows external applications to interact with your WordPress site. While useful for some services, it’s frequently exploited by attackers for:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Brute Force Attacks\u003C\u002Fstrong> – Automated password guessing attempts\u003C\u002Fli>\n\u003Cli>\u003Cstrong>DDoS Attacks\u003C\u002Fstrong> – Overwhelming your server with requests\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Resource Exhaustion\u003C\u002Fstrong> – Slowing down your website\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Pingback Vulnerabilities\u003C\u002Fstrong> – Exploiting pingback features\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>✨ Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>🎯 One-Click Control\u003C\u002Fstrong> – Modern toggle switch interface (NEW in v1.4.0)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🔐 Enhanced Security\u003C\u002Fstrong> – Block XML-RPC attacks instantly\u003C\u002Fli>\n\u003Cli>\u003Cstrong>⚡ Improved Performance\u003C\u002Fstrong> – Reduce server load and resource usage\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🎨 Beautiful Admin Interface\u003C\u002Fstrong> – Clean, modern card-based design (NEW in v1.4.0)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🌐 Translation Ready\u003C\u002Fstrong> – Fully internationalized and translation-ready\u003C\u002Fli>\n\u003Cli>\u003Cstrong>📱 Mobile Responsive\u003C\u002Fstrong> – Settings page works perfectly on all devices\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🧹 Clean Uninstall\u003C\u002Fstrong> – Removes all data when uninstalled\u003C\u002Fli>\n\u003Cli>\u003Cstrong>⚙️ Developer Friendly\u003C\u002Fstrong> – Well-coded, follows WordPress standards\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🔄 Regular Updates\u003C\u002Fstrong> – Actively maintained and tested with latest WordPress versions\u003C\u002Fli>\n\u003Cli>\u003Cstrong>💯 Lightweight\u003C\u002Fstrong> – No bloat, minimal impact on your site\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🆕 What’s New in Version 1.4.0\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>✅ Modern toggle switch replaces old checkbox\u003C\u002Fli>\n\u003Cli>✅ Beautiful card-based admin interface\u003C\u002Fli>\n\u003Cli>✅ Enhanced security with proper sanitization\u003C\u002Fli>\n\u003Cli>✅ Better code organization (OOP approach)\u003C\u002Fli>\n\u003Cli>✅ Improved accessibility and UX\u003C\u002Fli>\n\u003Cli>✅ Removes X-Pingback header when disabled\u003C\u002Fli>\n\u003Cli>✅ Fixed activation redirect for bulk installations\u003C\u002Fli>\n\u003Cli>✅ Better mobile responsive design\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🎯 Perfect For\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Security-focused website owners\u003C\u002Fli>\n\u003Cli>Sites that don’t use mobile apps or remote publishing\u003C\u002Fli>\n\u003Cli>Sites experiencing XML-RPC attacks\u003C\u002Fli>\n\u003Cli>Performance-conscious administrators\u003C\u002Fli>\n\u003Cli>Anyone wanting better control over WordPress features\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🔧 How It Works\u003C\u002Fh3>\n\u003Cp>This plugin uses the native WordPress \u003Ccode>xmlrpc_enabled\u003C\u002Fcode> filter to safely disable XML-RPC without modifying core files. Simply activate the plugin, toggle the switch on the settings page, and you’re protected!\u003C\u002Fp>\n\u003Ch3>⚠️ Important Note\u003C\u002Fh3>\n\u003Cp>Disabling XML-RPC may affect:\u003Cbr \u002F>\n* WordPress mobile apps\u003Cbr \u002F>\n* Jetpack (some features)\u003Cbr \u002F>\n* Remote publishing tools\u003Cbr \u002F>\n* Pingbacks and trackbacks\u003Cbr \u002F>\n* Third-party services that rely on XML-RPC\u003C\u002Fp>\n\u003Cp>Only disable XML-RPC if you don’t use these features.\u003C\u002Fp>\n\u003Ch3>🤝 Contributing & Bug Reports\u003C\u002Fh3>\n\u003Cp>Bug reports and pull requests are welcome on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWordPress-Satkhira-Community\u002Fsimple-disable-xml-rpc\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>. Help us make this plugin better!\u003C\u002Fp>\n\u003Ch3>💝 Support the Development\u003C\u002Fh3>\n\u003Cp>If you find this plugin helpful, please consider:\u003Cbr \u002F>\n* ⭐ \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fsimple-disable-xml-rpc\u002Freviews\u002F\" rel=\"ugc\">Rating it 5 stars\u003C\u002Fa>\u003Cbr \u002F>\n* 🐛 \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWordPress-Satkhira-Community\u002Fsimple-disable-xml-rpc\u002Fissues\" rel=\"nofollow ugc\">Reporting bugs\u003C\u002Fa>\u003Cbr \u002F>\n* 💬 \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWordPress-Satkhira-Community\u002Fsimple-disable-xml-rpc\u002Fissues\" rel=\"nofollow ugc\">Suggesting features\u003C\u002Fa>\u003Cbr \u002F>\n* ☕ \u003Ca href=\"https:\u002F\u002Fwww.wpsatkhira.com\u002Fdonate\" rel=\"nofollow ugc\">Buying us a coffee\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>Simple Disable XML-RPC does not:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Collect any user data\u003C\u002Fli>\n\u003Cli>Store any personal information\u003C\u002Fli>\n\u003Cli>Make external API calls\u003C\u002Fli>\n\u003Cli>Use cookies or tracking\u003C\u002Fli>\n\u003Cli>Send data to third parties\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The plugin only stores one setting in your WordPress database: whether XML-RPC is enabled or disabled.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Need help? We’re here for you!\u003C\u002Fp>\n\u003Cul>\n\u003Cli>📖 \u003Ca href=\"https:\u002F\u002Fwww.wpsatkhira.com\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>💬 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fsimple-disable-xml-rpc\u002F\" rel=\"ugc\">Support Forum\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>🐛 \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWordPress-Satkhira-Community\u002Fsimple-disable-xml-rpc\u002Fissues\" rel=\"nofollow ugc\">Report Bugs\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>⭐ \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fsimple-disable-xml-rpc\u002Freviews\u002F\" rel=\"ugc\">Rate Plugin\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Developed with ❤️ by \u003Ca href=\"https:\u002F\u002Fwww.wpsatkhira.com\" rel=\"nofollow ugc\">WordPress Satkhira Community\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Contributors:\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fwpdelower\u002F\" rel=\"nofollow ugc\">wpdelower\u003C\u002Fa>\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fmonarchwp23\u002F\" rel=\"nofollow ugc\">monarchwp23\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Special thanks to all our users and contributors who help make this plugin better!\u003C\u002Fp>\n","Simply disable XML-RPC on your WordPress site with a simple toggle switch. Protect your site from XML-RPC attacks and improve security.",1000,8616,100,5,"2025-11-09T02:27:00.000Z","6.8.5","6.1","7.4",[20,21,22,23,24],"disable-xml","disable-xml-rpc","wordpress-security","xml","xmlrpc","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsimple-disable-xml-rpc\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-disable-xml-rpc.1.4.0.zip",0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":33,"avg_security_score":13,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"wpdelower",1250,345,79,"2026-04-04T04:29:59.125Z",[38,60,80,97,116],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":53,"tags":54,"homepage":58,"download_link":59,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"disable-xml-rpc-api","Disable XML-RPC-API","2.1.7","Amin Nazemi","https:\u002F\u002Fprofiles.wordpress.org\u002Faminnz\u002F","\u003Cp>Protect your website from xmlrpc brute-force attacks,DOS and DDOS attacks, this plugin disables the XML-RPC and trackbacks-pingbacks on your WordPress website.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>PLUGIN FEATURES\u003C\u002Fstrong>\u003Cbr \u002F>\n(These are options you can enable or disable each one)\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disable access to xmlrpc.php file using .httacess file \u003C\u002Fli>\n\u003Cli>Automatically change htaccess file permission to read-only (0444)\u003C\u002Fli>\n\u003Cli>Disable X-pingback to minimize CPU usage \u003C\u002Fli>\n\u003Cli>Disable selected methods from XML-RPC\u003C\u002Fli>\n\u003Cli>Remove pingback-ping link from header\u003C\u002Fli>\n\u003Cli>Disable trackbacks and pingbacks to avoid spammers and hackers\u003C\u002Fli>\n\u003Cli>Rename XML-RPC slug to whatever you want\u003C\u002Fli>\n\u003Cli>Black list IPs for XML-RPC\u003C\u002Fli>\n\u003Cli>White list IPs for XML-RPC\u003C\u002Fli>\n\u003Cli>Some options to speed-up your wordpress website\u003C\u002Fli>\n\u003Cli>Disable JSON REST API\u003C\u002Fli>\n\u003Cli>Hide WordPress Version\u003C\u002Fli>\n\u003Cli>Disable built-in WordPress file editor\u003C\u002Fli>\n\u003Cli>Disable wlw manifest\u003C\u002Fli>\n\u003Cli>And some other options\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>What is XMLRPC\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>XML-RPC, or XML Remote Procedure Call is a protocol which uses XML to encode its calls and HTTP as a transport mechanism.\u003Cbr \u002F>\nBeginning in WordPress 3.5, XML-RPC is enabled by default. Additionally, the option to disable\u002Fenable XML-RPC was removed. For various reasons, site owners may wish to disable this functionality. This plugin provides an easy way to do so.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Why you should disable XML-RPC\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cem>Xmlrpc has two main weaknesses\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Brute force attacks:\u003Cbr \u002F>\nAttackers try to login to WordPress using xmlrpc.php with as many username\u002Fpassword combinations as they can enter. A method within xmlrpc.php allows the attacker to use a single command (system.multicall) to guess hundreds of passwords. Daniel Cid at Sucuri described it well in October 2015: “With only 3 or 4 HTTP requests, the attackers could try thousands of passwords, bypassing security tools that are designed to look and block brute force attempts.”\u003C\u002Fli>\n\u003Cli>Denial of Service Attacks via Pingback:\u003Cbr \u002F>\nBack in 2013, attackers sent Pingback requests through xmlrpc.php of approximately 2500 WordPress sites to “herd (these sites) into a voluntary botnet,” according to Gur Schatz at Incapsula. “This gives any attacker a virtually limitless set of IP addresses to Distribute a Denial of Service attack across a network of over 100 million WordPress sites, without having to compromise them.”\u003C\u002Fli>\n\u003C\u002Ful>\n","A simple and lightweight plugin to disable XML-RPC API, X-Pingback and pingback-ping in WordPress 3.5+ for a faster and more secure website",100000,792973,82,42,"2026-02-04T06:54:00.000Z","6.9.4","5.0","",[21,55,56,57,24],"disable-xmlrpc","pingback","stop-brute-force-attacks","https:\u002F\u002Fneatma.com\u002Fdsxmlrpc-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-xml-rpc-api.zip",{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":68,"downloaded":69,"rating":13,"num_ratings":70,"last_updated":71,"tested_up_to":51,"requires_at_least":17,"requires_php":72,"tags":73,"homepage":78,"download_link":79,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"security-safe","Security Safe","3.0.1","Sovereign Stack, LLC","https:\u002F\u002Fprofiles.wordpress.org\u002Fsovstack\u002F","\u003Ch3>WP FIREWALL\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Detects and Logs Threats\u003C\u002Fli>\n\u003Cli>Add Firewall Rules to Allow and Deny IP Addresses With Internal Notes\u003C\u002Fli>\n\u003Cli>Historical Log of Firewall Blocks With Visual Chart\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>WP LOGIN SECURITY\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Disable XML-RPC.php\u003C\u002Fli>\n\u003Cli>Brute Force Protection\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[Pro]\u003C\u002Fstrong> Automatically Block IPs Based on Threat Score\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[Pro]\u003C\u002Fstrong> Priority Support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>WP PRIVACY\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Hide WordPress CMS Version\u003C\u002Fli>\n\u003Cli>Hide Script Versions\u003C\u002Fli>\n\u003Cli>Make Website Anonymous During Updates\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[Pro]\u003C\u002Fstrong> Make Theme Versions Private\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[Pro]\u003C\u002Fstrong> Make Plugin Versions Private\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>WP CORE, THEME, AND PLUGIN FILE SECURITY\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Disable Editing Theme Files\u003C\u002Fli>\n\u003Cli>Audit & Fix File Permission\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[Pro]\u003C\u002Fstrong> Bulk Fix File Permissions\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[Pro]\u003C\u002Fstrong> Automatically Fix Theme\u002FPlugin File Permissions\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>OTHER FEATURES\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>404 Error Logging\u003C\u002Fli>\n\u003Cli>Content Copyright Protection\u003C\u002Fli>\n\u003Cli>Audit Hosting Software Versions\u003C\u002Fli>\n\u003Cli>Various Logs and Charts\u003C\u002Fli>\n\u003Cli>Turn On\u002FOff All Security Policies Easily\u003C\u002Fli>\n\u003Cli>Import\u002FExport Settings\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Every WordPress security plugin becomes more complicated and bloated as more features are added. As a plugin’s code grows, it consumes more time to load, thus slowing down your website. Security Safe’s purpose is to protect your website from the majority of threats with minimal impact on website load time. We constantly test our load performance to ensure our features to ensure it continues to run fast and lean.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Note: \u003Ca href=\"https:\u002F\u002Fcheckout.freemius.com\u002Fmode\u002Fdialog\u002Fplugin\u002F2439\u002Fplan\u002F3762\u002F\" rel=\"nofollow ugc\">Upgrade to Security Safe Pro\u003C\u002Fa> to unlock advanced Pro features.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Twitter: \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002FwpSecuritySafe\u002F\" rel=\"nofollow ugc\">Follow Security Safe\u003C\u002Fa>\u003Cbr \u002F>\nWebsite: \u003Ca href=\"https:\u002F\u002Fwpsecuritysafe.com\" rel=\"nofollow ugc\">Security Safe\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>LANGUAGE SUPPORT\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>English (default)\u003C\u002Fli>\n\u003Cli>Spanish\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fsecurity-safe\" rel=\"nofollow ugc\">Translate this plugin in your language.\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Videos\u003C\u002Fh3>\n\u003Cp>\u003Ciframe loading=\"lazy\" title=\"Easy Setup in about 2 Minutes - WP Security Safe\" src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F360060065?dnt=1&app_id=122963\" width=\"750\" height=\"422\" frameborder=\"0\" allow=\"autoplay; fullscreen; picture-in-picture; clipboard-write; encrypted-media; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\">\u003C\u002Fiframe>\u003C\u002Fp>\n\u003Ch3>More Plugins By The Same Author\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffix-alt-text\u002F\" rel=\"ugc\">Fix Alt Text\u003C\u002Fa> – Fix Alt Text will help you manage your image alt text easier for better website SEO and accessibility.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwhere-used\u002F\" rel=\"ugc\">WhereUsed\u003C\u002Fa> – Helps you find where pages and other things are referenced throughout your site.\u003C\u002Fli>\n\u003C\u002Ful>\n","This security plugin helps you quickly audit, harden, and secure your WordPress website.",700,20512,13,"2026-03-09T05:45:00.000Z","8.1",[74,55,75,76,77],"404-errors","firewall","limit-login","wp-security","https:\u002F\u002Fwpsecuritysafe.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecurity-safe.3.0.1.zip",{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":13,"downloaded":88,"rating":27,"num_ratings":27,"last_updated":89,"tested_up_to":51,"requires_at_least":52,"requires_php":18,"tags":90,"homepage":95,"download_link":96,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"rationalcleanup","RationalCleanup","1.1.0","rationalwp","https:\u002F\u002Fprofiles.wordpress.org\u002Frationalwp\u002F","\u003Cp>RationalCleanup removes unnecessary WordPress features, hardens security, and improves performance. All 24 options are toggleable with sensible defaults that balance security and compatibility.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Head Tags\u003C\u002Fstrong>\u003Cbr \u002F>\nRemove unnecessary meta tags and links from the document head:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Remove WordPress generator meta tag (hides version number)\u003C\u002Fli>\n\u003Cli>Remove WLW manifest link\u003C\u002Fli>\n\u003Cli>Remove RSD link\u003C\u002Fli>\n\u003Cli>Remove shortlink\u003C\u002Fli>\n\u003Cli>Remove REST API discovery link\u003C\u002Fli>\n\u003Cli>Remove RSS feed links\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Frontend Bloat\u003C\u002Fstrong>\u003Cbr \u002F>\nRemove scripts and styles that most sites don’t need:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Remove emoji detection scripts and styles\u003C\u002Fli>\n\u003Cli>Remove jQuery Migrate from frontend\u003C\u002Fli>\n\u003Cli>Remove Gutenberg block library CSS\u003C\u002Fli>\n\u003Cli>Remove global styles and SVG filters\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Security\u003C\u002Fstrong>\u003Cbr \u002F>\nHarden WordPress against common attack vectors:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disable XML-RPC completely (prevents brute force and DDoS attacks)\u003C\u002Fli>\n\u003Cli>Prevent user enumeration (blocks author archives and REST API user endpoints)\u003C\u002Fli>\n\u003Cli>Obfuscate login error messages (prevents username discovery)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Performance\u003C\u002Fstrong>\u003Cbr \u002F>\nReduce unnecessary WordPress overhead:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disable self-pingbacks\u003C\u002Fli>\n\u003Cli>Throttle Heartbeat API (reduces server load)\u003C\u002Fli>\n\u003Cli>Extend autosave interval (reduces database writes)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>\u003Cbr \u002F>\nDisable major WordPress subsystems:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disable comments system completely\u003C\u002Fli>\n\u003Cli>Disable block editor (force classic editor)\u003C\u002Fli>\n\u003Cli>Disable REST API for non-authenticated users\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Admin Cleanup\u003C\u002Fstrong>\u003Cbr \u002F>\nDeclutter the WordPress admin dashboard:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Remove WordPress Events and News widget\u003C\u002Fli>\n\u003Cli>Remove Quick Draft widget\u003C\u002Fli>\n\u003Cli>Remove At a Glance widget\u003C\u002Fli>\n\u003Cli>Remove Activity widget\u003C\u002Fli>\n\u003Cli>Remove Site Health Status widget\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Opinionated Defaults\u003C\u002Fh4>\n\u003Cp>RationalCleanup uses sensible defaults:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Security options:\u003C\u002Fstrong> Enabled by default (XML-RPC disabled, user enumeration blocked)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Head cleanup:\u003C\u002Fstrong> Mostly enabled (safe, no compatibility issues)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Frontend cleanup:\u003C\u002Fstrong> Emoji and jQuery Migrate removal enabled\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Breaking features:\u003C\u002Fstrong> Disabled by default (comments, block editor, REST API restrictions)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin widgets:\u003C\u002Fstrong> Disabled by default\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>RationalWP Menu\u003C\u002Fh4>\n\u003Cp>This plugin uses a shared parent menu for all RationalWP plugins. When activated, you’ll see a \u003Cstrong>RationalWP\u003C\u002Fstrong> menu in your admin sidebar containing links to all installed RationalWP plugins.\u003C\u002Fp>\n","Clean up legacy WordPress bloat, improve security, and optimize performance with toggleable, opinionated defaults.",147,"2026-02-06T20:58:00.000Z",[91,55,92,93,94],"cleanup","optimization","performance","security","https:\u002F\u002Frationalwp.com\u002Fplugins\u002Fcleanup\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frationalcleanup.1.1.0.zip",{"slug":98,"name":99,"version":100,"author":101,"author_profile":102,"description":103,"short_description":104,"active_installs":105,"downloaded":106,"rating":27,"num_ratings":27,"last_updated":53,"tested_up_to":107,"requires_at_least":108,"requires_php":53,"tags":109,"homepage":113,"download_link":114,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":115},"ab-wp-security","AB WP Security","1.51","abjelosevic","https:\u002F\u002Fprofiles.wordpress.org\u002Fabjelosevic\u002F","\u003Cp>Security plugin that stops User Enumeration in WordPress, removes WordPress Version Number, disable directory browsing and Disable XML-RPC\u003C\u002Fp>\n","Security plugin that stops User Enumeration in WordPress, removes WordPress Version Number, disable directory browsing and Disable XML-RPC",10,2486,"4.8.28","3.8",[110,21,111,112,94],"block","enumeration","remove-wordpress-version-number","http:\u002F\u002Faleksandar.bjelosevic.info\u002Fabwps","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fab-wp-security.1.51.zip","2026-03-15T10:48:56.248Z",{"slug":117,"name":118,"version":119,"author":120,"author_profile":121,"description":122,"short_description":123,"active_installs":27,"downloaded":124,"rating":27,"num_ratings":27,"last_updated":53,"tested_up_to":16,"requires_at_least":52,"requires_php":125,"tags":126,"homepage":132,"download_link":133,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":115},"qs-core-modules","QS Core Modules","1.0.16","Quantum Slice Corporation","https:\u002F\u002Fprofiles.wordpress.org\u002Fquantumslice\u002F","\u003Cp>This is an absolutely free plugin that takes care of most of the things we need to add to every installation we install.  This plugin is built for speed and functionality and every module included is easily turned on and off via a settings page.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Built for speed – wont bog down your site\u003C\u002Fli>\n\u003Cli>Easily customizable, every module has a settings page\u003C\u002Fli>\n\u003Cli>Each module can be turned on or off with a single checkbox making sure your site does not load code it does not need\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Modules:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>REMOVE WP VERSIONS & BLOAT MODULE\u003Cbr \u002F>\n— Options to remove WordPress version numbers from RSS Feeds, Rest API, Meta Generator tag and enqueued scriptsand CSS files\u003Cbr \u002F>\n— Remove Emoji related JS and code from front end and admin pages\u003Cbr \u002F>\n— Limit post revisions to debloat database for speed\u003Cbr \u002F>\n— Disable XMLRPC access for security\u003Cbr \u002F>\n— Disable WP-JSON access for security\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>ADD HEADER\u002FFOOTER CODE MODULE\u003Cbr \u002F>\n— Abillity to add scripts and tags to your  section and just before the closing  tag\u003Cbr \u002F>\n— Useful for adding analytics tags or any custom CSS\u002FJS code\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>ADD PHP MODULE\u003Cbr \u002F>\n— Ability for admins to add PHP files on the server and load \u002F run them via a shortcode anywhere on any page\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>MAINTENANCE MODE MODULE\u003Cbr \u002F>\n— Turn on Maintenance Mode that will display a custom “Site Under Mainentance” message to all visitors\u003Cbr \u002F>\n— Customizable maintenance message to display to visitors\u003Cbr \u002F>\n— Allows anyone logged in as an Admin to still view site for testing\u003Cbr \u002F>\n— Allows logins even when in maintenance mode to prevent being locked out\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>LIMIT BAD LOGIN ATTEMPTS MODULE\u003Cbr \u002F>\n— Module to track bad login attempts and block repeat bad logins by IP\u003Cbr \u002F>\n— Customizable lockout and attempt number settings\u003Cbr \u002F>\n— Repeat offenders get longer lockout times (customizable)\u003Cbr \u002F>\n— Has a built in rescue password (changeable by you) that allows you to reset your lockout if you or any user gets locked out by mistake\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Notes\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Disclaimer & Terms of Use\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>By installing, enabling, or using this plugin (\u003Cstrong>including any modules, extensions, or additional code included or activated within it\u003C\u002Fstrong>), you acknowledge and agree to the following terms:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>\u003Cstrong>Use at Your Own Risk\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>This plugin is provided \u003Cstrong>“as-is”\u003C\u002Fstrong> without any warranties, guarantees, or assurances of any kind.  \u003C\u002Fli>\n\u003Cli>You assume \u003Cstrong>full responsibility\u003C\u002Fstrong> for any use of this plugin and any modifications or configurations you make.  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>No Liability\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>We are \u003Cstrong>not responsible\u003C\u002Fstrong> for any \u003Cstrong>errors, malfunctions, security vulnerabilities, data loss, downtime, compatibility issues, or any unintended consequences\u003C\u002Fstrong> that may arise from installing, using, or modifying this plugin.  \u003C\u002Fli>\n\u003Cli>This includes \u003Cstrong>but is not limited to\u003C\u002Fstrong> conflicts with themes, other plugins, WordPress updates, or third-party services.  \u003C\u002Fli>\n\u003Cli>You agree that we are \u003Cstrong>not liable\u003C\u002Fstrong> for any direct, indirect, incidental, or consequential damages, including but not limited to financial loss, loss of data, business interruption, or any other damages related to this plugin.  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Compatibility & Updates\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>This plugin \u003Cstrong>may not be compatible\u003C\u002Fstrong> with all WordPress themes, plugins, hosting environments, or future WordPress versions.  \u003C\u002Fli>\n\u003Cli>We make \u003Cstrong>no guarantees\u003C\u002Fstrong> regarding ongoing support, maintenance, or future updates for this plugin.  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Backup & Security Best Practices\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Before installing or activating this plugin, you should perform a full backup\u003C\u002Fstrong> of your website, database, and any important data.  \u003C\u002Fli>\n\u003Cli>Regular backups are \u003Cstrong>strongly recommended\u003C\u002Fstrong> to prevent data loss.  \u003C\u002Fli>\n\u003Cli>You are responsible for ensuring that your website’s security measures, including firewalls and malware protection, are up to date.  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Troubleshooting & Support\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>We \u003Cstrong>do not guarantee\u003C\u002Fstrong> support or assistance in troubleshooting issues caused by this plugin.  \u003C\u002Fli>\n\u003Cli>You are solely responsible for resolving any conflicts, errors, or compatibility issues that arise from using this plugin.  \u003C\u002Fli>\n\u003Cli>We are \u003Cstrong>not liable\u003C\u002Fstrong> for any costs, damages, or time spent on diagnosing or fixing issues related to this plugin.  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Suggestions & Feedback\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>If you wish to provide feedback, suggestions, or report issues, please visit: https:\u002F\u002FQuantumSlice.com\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>By installing or using this plugin, you acknowledge that you have read, understood, and agreed to the above terms. If you do not agree with these terms, \u003Cstrong>do not install or use this plugin\u003C\u002Fstrong> or if already installed uninstall it immediatgely.\u003C\u002Fp>\n","A very lightweight plugin to add core functionality that every WordPress install needs.",486,"7.0",[127,128,129,130,131],"disable-xmlrpc-and-wp-json","header-and-footer-scripts","limit-login-attempts","maintenance-mode","remove-version","https:\u002F\u002Fquantumslice.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fqs-core-modules.1.0.16.zip",{"attackSurface":135,"codeSignals":171,"taintFlows":180,"riskAssessment":181,"analyzedAt":184},{"hooks":136,"ajaxHandlers":167,"restRoutes":168,"shortcodes":169,"cronEvents":170,"entryPointCount":27,"unprotectedCount":27},[137,143,147,151,154,159,162],{"type":138,"name":139,"callback":140,"file":141,"line":142},"action","admin_menu","add_settings_page","includes\\class-sdxrpc-admin.php",22,{"type":138,"name":144,"callback":145,"file":141,"line":146},"admin_init","register_settings",23,{"type":138,"name":148,"callback":149,"file":141,"line":150},"admin_enqueue_scripts","enqueue_admin_assets",24,{"type":138,"name":144,"callback":152,"file":141,"line":153},"activation_redirect",26,{"type":155,"name":156,"callback":157,"file":158,"line":142},"filter","xmlrpc_enabled","disable_xmlrpc","includes\\class-sdxrpc-core.php",{"type":155,"name":160,"callback":161,"file":158,"line":146},"wp_headers","remove_x_pingback_header",{"type":138,"name":163,"callback":164,"file":165,"line":166},"plugins_loaded","sdxrpc_init","simple-disable-xml-rpc.php",67,[],[],[],[],{"dangerousFunctions":172,"sqlUsage":173,"outputEscaping":175,"fileOperations":27,"externalRequests":27,"nonceChecks":27,"capabilityChecks":178,"bundledLibraries":179},[],{"prepared":27,"raw":27,"locations":174},[],{"escaped":176,"rawEcho":27,"locations":177},3,[],1,[],[],{"summary":182,"deductions":183},"The 'simple-disable-xml-rpc' v1.4.0 plugin exhibits a strong security posture based on the provided static analysis. The plugin has no identified attack surface through AJAX, REST API, shortcodes, or cron events, meaning there are no direct entry points for external interaction. Furthermore, the code does not utilize dangerous functions, performs SQL queries exclusively with prepared statements, and ensures all output is properly escaped.  The lack of file operations and external HTTP requests further reduces potential risks. A single capability check is present, suggesting some level of authorization awareness.\n\nThe vulnerability history is also entirely clean, with no recorded CVEs of any severity. This, combined with the lack of any critical or high-severity taint flows in the static analysis, indicates a mature and secure development process. The plugin's core function appears to be well-implemented without introducing common web vulnerabilities. The absence of any identified security weaknesses in both static analysis and historical data suggests this plugin is likely safe for use.\n\nIn conclusion, the 'simple-disable-xml-rpc' v1.4.0 plugin demonstrates excellent security practices. Its minimal attack surface, absence of dangerous code patterns, secure data handling, and spotless vulnerability history collectively point to a highly secure and reliable tool. There are no evidence-backed deductions to be made from the provided data.",[],"2026-03-16T18:54:01.111Z",{"wat":186,"direct":196},{"assetPaths":187,"generatorPatterns":190,"scriptPaths":191,"versionParams":193},[188,189],"\u002Fwp-content\u002Fplugins\u002Fsimple-disable-xml-rpc\u002Fassets\u002Fcss\u002Fadmin-style.css","\u002Fwp-content\u002Fplugins\u002Fsimple-disable-xml-rpc\u002Fassets\u002Fjs\u002Fadmin-script.js",[],[192],"assets\u002Fjs\u002Fadmin-script.js",[194,195],"simple-disable-xml-rpc\u002Fassets\u002Fcss\u002Fadmin-style.css?ver=","simple-disable-xml-rpc\u002Fassets\u002Fjs\u002Fadmin-script.js?ver=",{"cssClasses":197,"htmlComments":211,"htmlAttributes":212,"restEndpoints":215,"jsGlobals":216,"shortcodeOutput":217},[198,199,200,201,202,203,204,205,206,207,208,209,210],"sdxrpc-settings-wrap","sdxrpc-container","sdxrpc-card","sdxrpc-card-header","sdxrpc-card-body","sdxrpc-setting-row","sdxrpc-setting-label","sdxrpc-setting-control","sdxrpc-toggle","sdxrpc-toggle-slider","sdxrpc-toggle-status","status-enabled","status-disabled",[],[213,214],"id=\"sdxrpc_disable_enabled\"","name=\"sdxrpc_disable_enabled\"",[],[],[]]