[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fyL7qIxEsRiFgD_7uKeVaaphiQj4Md3eREHH2qZUOM6Y":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":14,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":37,"analysis":143,"fingerprints":388},"yd-webhook-to-xml-rpc","YD Webhook to XML-RPC","0.1.0","Yann at WP&Co","https:\u002F\u002Fprofiles.wordpress.org\u002Fydubois\u002F","\u003Ch4>Implement incoming Webhooks in WordPress\u003C\u002Fh4>\n\u003Cp>This plugin implements a simple gateway to transform webhook calls into regular XML-RPC calls.\u003C\u002Fp>\n\u003Cp>WordPress has a very comprehensive XML-RPC API. This gateway will automatically accept webhook calls and convert them into XML-RPC.\u003C\u002Fp>\n\u003Cp>It listens to Webhooks to trigger XML-RPC methods in WordPress.\u003C\u002Fp>\n\u003Cp>It provides a simple short \u002Fwebhook URL for triggering WordPress events.\u003C\u002Fp>\n\u003Cp>From then on you can use the well-known and well-documented native WordPress XMLRPC API to respond to webhooks and implement needed features in your plugins and custom functions.\u003C\u002Fp>\n\u003Cp>The incoming webhook POST data payload will be transferred as-is to the XML-RPC method. 
It should be XML for it to work well.\u003C\u002Fp>\n\u003Cp>Needs PHP5.\u003C\u002Fp>\n\u003Ch4>Webhook syntax\u003C\u002Fh4>\n\u003Cp>If you are using pretty permalinks:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>http:\u002F\u002F[your-site]\u002Fwebhook?method=misc.method\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>If you are not using permalinks, you need to call the long full URL:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>http:\u002F\u002F[your-site]\u002Fwp-content\u002Fplugins\u002Fyd-webhook-to-xml-rpc\u002Fwebhook.php?method=misc.method\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Replace \u003Ccode>misc.method\u003C\u002Fcode> with any XML-RPC method, either WordPress built-in, or your own, or from a third-party plugin.\u003C\u002Fp>\n\u003Ch4>Uses\u003C\u002Fh4>\n\u003Cp>This gateway has successfully been used to listen to Shopify webhooks to trigger WordPress events (such as upgrading user status when a purchase has been completed).\u003C\u002Fp>\n\u003Ch4>Active support\u003C\u002Fh4>\n\u003Cp>Drop me a line on my \u003Ca href=\"http:\u002F\u002Fwww.yann.com\u002Fen\u002Fwp-plugins\u002Fyd-webhook-to-xml-rpc\" title=\"Yann Dubois' Webhook to XML-RPC plugin\" rel=\"nofollow ugc\">YD Webhook to XML-RPC plugin support site\u003C\u002Fa> to report bugs, ask for a specific feature or improvement, or just tell me how you’re using it.\u003C\u002Fp>\n\u003Ch3>Revisions\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>0.1.0. 
Initial beta release of 2011\u002F04\u002F29\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Did you like it?\u003C\u002Fh3>\n\u003Cp>Drop me a line on http:\u002F\u002Fwww.yann.com\u002Fen\u002Fwp-plugins\u002Fyd-webhook-to-xml-rpc\u003C\u002Fp>\n\u003Cp>And… \u003Cem>please\u003C\u002Fem> rate this plugin –>\u003C\u002Fp>\n","Implement incoming Webhooks in WordPress",10,2623,0,"","3.1.4","2.9",[18,19,20,21,22],"web-service","webhook","webservice","xml-rpc","xmlrpc","http:\u002F\u002Fwww.yann.com\u002Fen\u002Fwp-plugins\u002Fyd-webhook-to-xml-rpc","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fyd-webhook-to-xml-rpc.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"ydubois",14,180,88,30,86,"2026-04-05T03:02:19.410Z",[38,61,83,106,127],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":14,"tags":53,"homepage":58,"download_link":59,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":60},"disable-xml-rpc-api","Disable XML-RPC-API","2.1.7","Amin Nazemi","https:\u002F\u002Fprofiles.wordpress.org\u002Faminnz\u002F","\u003Cp>Protect your website from xmlrpc brute-force attacks, DOS and DDOS attacks, this plugin disables the XML-RPC and trackbacks-pingbacks on your WordPress website.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>PLUGIN FEATURES\u003C\u002Fstrong>\u003Cbr \u002F>\n(These are options you can enable or disable each one)\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disable access to xmlrpc.php file using .htaccess file \u003C\u002Fli>\n\u003Cli>Automatically change htaccess file permission to read-only (0444)\u003C\u002Fli>\n\u003Cli>Disable X-pingback to minimize CPU usage 
\u003C\u002Fli>\n\u003Cli>Disable selected methods from XML-RPC\u003C\u002Fli>\n\u003Cli>Remove pingback-ping link from header\u003C\u002Fli>\n\u003Cli>Disable trackbacks and pingbacks to avoid spammers and hackers\u003C\u002Fli>\n\u003Cli>Rename XML-RPC slug to whatever you want\u003C\u002Fli>\n\u003Cli>Black list IPs for XML-RPC\u003C\u002Fli>\n\u003Cli>White list IPs for XML-RPC\u003C\u002Fli>\n\u003Cli>Some options to speed-up your wordpress website\u003C\u002Fli>\n\u003Cli>Disable JSON REST API\u003C\u002Fli>\n\u003Cli>Hide WordPress Version\u003C\u002Fli>\n\u003Cli>Disable built-in WordPress file editor\u003C\u002Fli>\n\u003Cli>Disable wlw manifest\u003C\u002Fli>\n\u003Cli>And some other options\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>What is XMLRPC\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>XML-RPC, or XML Remote Procedure Call is a protocol which uses XML to encode its calls and HTTP as a transport mechanism.\u003Cbr \u002F>\nBeginning in WordPress 3.5, XML-RPC is enabled by default. Additionally, the option to disable\u002Fenable XML-RPC was removed. For various reasons, site owners may wish to disable this functionality. This plugin provides an easy way to do so.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Why you should disable XML-RPC\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cem>Xmlrpc has two main weaknesses\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Brute force attacks:\u003Cbr \u002F>\nAttackers try to login to WordPress using xmlrpc.php with as many username\u002Fpassword combinations as they can enter. A method within xmlrpc.php allows the attacker to use a single command (system.multicall) to guess hundreds of passwords. 
Daniel Cid at Sucuri described it well in October 2015: “With only 3 or 4 HTTP requests, the attackers could try thousands of passwords, bypassing security tools that are designed to look and block brute force attempts.”\u003C\u002Fli>\n\u003Cli>Denial of Service Attacks via Pingback:\u003Cbr \u002F>\nBack in 2013, attackers sent Pingback requests through xmlrpc.php of approximately 2500 WordPress sites to “herd (these sites) into a voluntary botnet,” according to Gur Schatz at Incapsula. “This gives any attacker a virtually limitless set of IP addresses to Distribute a Denial of Service attack across a network of over 100 million WordPress sites, without having to compromise them.”\u003C\u002Fli>\n\u003C\u002Ful>\n","A simple and lightweight plugin to disable XML-RPC API, X-Pingback and pingback-ping in WordPress 3.5+ for a faster and more secure website",100000,792973,82,42,"2026-02-04T06:54:00.000Z","6.9.4","5.0",[54,55,56,57,22],"disable-xml-rpc","disable-xmlrpc","pingback","stop-brute-force-attacks","https:\u002F\u002Fneatma.com\u002Fdsxmlrpc-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-xml-rpc-api.zip","2026-03-15T15:16:48.613Z",{"slug":62,"name":63,"version":64,"author":65,"author_profile":66,"description":67,"short_description":68,"active_installs":69,"downloaded":70,"rating":71,"num_ratings":72,"last_updated":73,"tested_up_to":74,"requires_at_least":75,"requires_php":76,"tags":77,"homepage":80,"download_link":81,"security_score":82,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":60},"remove-xmlrpc-pingback-ping","Remove & Disable XML-RPC Pingback","1.6","cleverplugins","https:\u002F\u002Fprofiles.wordpress.org\u002Fcleverplugins\u002F","\u003Cp>Prevent your WordPress site from participating and being a victim of pingback denial of service attacks. \u003Cstrong>After activation the plugin automatically disables XML-RPC. 
There’s no need to configure anything.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>By disabling the XML-RPC pingback you’ll:\u003Cbr \u002F>\n* lower your server CPU usage\u003Cbr \u002F>\n* prevent malicious scripts from using your site to run pingback denial of service attacks\u003Cbr \u002F>\n* prevent malicious scripts from running denial of service attacks on your site via pingback\u003C\u002Fp>\n\u003Cp>From sucuri.net:\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Any WordPress site with Pingback enabled (which is on by default) can be used in DDOS attacks against other sites.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>Learn More\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwptavern.com\u002Fhow-to-prevent-wordpress-from-participating-in-pingback-denial-of-service-attacks\" rel=\"nofollow ugc\">How To Prevent WordPress From Participating In Pingback Denial of Service Attacks\u003C\u002Fa> – wptavern.com\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fblog.sucuri.net\u002F2014\u002F03\u002Fmore-than-162000-wordpress-sites-used-for-distributed-denial-of-service-attack.html\" rel=\"nofollow ugc\">More Than 162,000 WordPress Sites Used for Distributed Denial of Service Attack\u003C\u002Fa> – sucuri.net\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fhackguard.com\u002Fxmlrpc-php-ping-backs-hackers-denial-service-attacks\" rel=\"nofollow ugc\">xmlrpc.php and Pingbacks and Denial of Service Attacks, Oh My!\u003C\u002Fa> – hackguard.com\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Is Your Site Attacking Others?\u003C\u002Fh4>\n\u003Cp>Use \u003Ca href=\"http:\u002F\u002Flabs.sucuri.net\u002F?is-my-wordpress-ddosing\" rel=\"nofollow ugc\">Sucuri’s WordPress DDOS Scanner\u003C\u002Fa> to check if your site is DDOS’ing other websites\u003C\u002Fp>\n\u003Ch4>Why Not Just Disable XMLRPC Altogether?\u003C\u002Fh4>\n\u003Cp>Yes, you can choose to do that, but if you use popular plugins like JetPack (that use XMLRPC) then those plugins will 
stop working. That is why this small plugin exists.\u003C\u002Fp>\n","Prevent pingback, XML-RPC and denial of service DDOS attacks by disabling the XML-RPC pingback functionality.",9000,94267,60,6,"2023-07-24T23:03:00.000Z","6.3.8","5.2","5.6",[78,79,56,21,22],"disable-ping","ping","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fremove-xmlrpc-pingback-ping","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fremove-xmlrpc-pingback-ping.1.6.zip",85,{"slug":84,"name":85,"version":86,"author":87,"author_profile":88,"description":89,"short_description":90,"active_installs":91,"downloaded":92,"rating":71,"num_ratings":93,"last_updated":94,"tested_up_to":95,"requires_at_least":96,"requires_php":14,"tags":97,"homepage":103,"download_link":104,"security_score":105,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":60},"manage-xml-rpc","Manage XML-RPC","1.0.2","brainvireinfo","https:\u002F\u002Fprofiles.wordpress.org\u002Fbrainvireinfo\u002F","\u003Cp>You can now disable XML-RPC to avoid Brute force attack for given IPs or can even enable access for some IPs. XML-RPC on WordPress is actually an API that gives developers who build mobile apps, desktop apps and other services, the ability to talk to a WordPress site. 
The XML-RPC API that WordPress provides gives developers a way to write applications (for you) that can do many of the things that you can do when logged into WordPress via the web interface.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cp>Block XML-RPC in the following ways.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disable pingback.ping, pingback.extensions.getPingbacks and Unset X-Pingback from HTTP headers, which will block bots from accessing the specified methods.\u003C\u002Fli>\n\u003Cli>Disable\u002FBlock XML-RPC for all users.\u003C\u002Fli>\n\u003C\u002Ful>\n","Enable\u002FDisable XML-RPC for all or based on IP list, also you can control pingback and Unset X-Pingback from HTTP headers.",6000,64108,4,"2024-12-02T07:10:00.000Z","6.7.5","4.0",[98,99,100,101,102],"block-xml-rpc","brute-force-attacks","security","xml-rpc-pingback","xmlrpc-php-attack","http:\u002F\u002Fwww.brainvire.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmanage-xml-rpc.1.0.2.zip",92,{"slug":107,"name":108,"version":109,"author":110,"author_profile":111,"description":112,"short_description":113,"active_installs":114,"downloaded":115,"rating":25,"num_ratings":116,"last_updated":117,"tested_up_to":118,"requires_at_least":119,"requires_php":120,"tags":121,"homepage":125,"download_link":126,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":60},"simple-disable-xml-rpc","Simple Disable XML-RPC | Reduce Brute Force & DDOS Attacks","1.4.0","Delower Hossain","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpdelower\u002F","\u003Cp>\u003Cstrong>Simple Disable XML-RPC\u003C\u002Fstrong> is a lightweight, powerful WordPress plugin that gives you complete control over your site’s XML-RPC functionality. 
Protect your WordPress site from brute force attacks, DDoS attempts, and other XML-RPC security vulnerabilities with just one click.\u003C\u002Fp>\n\u003Ch3>🔒 Why Disable XML-RPC?\u003C\u002Fh3>\n\u003Cp>XML-RPC is a remote communication protocol that allows external applications to interact with your WordPress site. While useful for some services, it’s frequently exploited by attackers for:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Brute Force Attacks\u003C\u002Fstrong> – Automated password guessing attempts\u003C\u002Fli>\n\u003Cli>\u003Cstrong>DDoS Attacks\u003C\u002Fstrong> – Overwhelming your server with requests\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Resource Exhaustion\u003C\u002Fstrong> – Slowing down your website\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Pingback Vulnerabilities\u003C\u002Fstrong> – Exploiting pingback features\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>✨ Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>🎯 One-Click Control\u003C\u002Fstrong> – Modern toggle switch interface (NEW in v1.4.0)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🔐 Enhanced Security\u003C\u002Fstrong> – Block XML-RPC attacks instantly\u003C\u002Fli>\n\u003Cli>\u003Cstrong>⚡ Improved Performance\u003C\u002Fstrong> – Reduce server load and resource usage\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🎨 Beautiful Admin Interface\u003C\u002Fstrong> – Clean, modern card-based design (NEW in v1.4.0)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🌐 Translation Ready\u003C\u002Fstrong> – Fully internationalized and translation-ready\u003C\u002Fli>\n\u003Cli>\u003Cstrong>📱 Mobile Responsive\u003C\u002Fstrong> – Settings page works perfectly on all devices\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🧹 Clean Uninstall\u003C\u002Fstrong> – Removes all data when uninstalled\u003C\u002Fli>\n\u003Cli>\u003Cstrong>⚙️ Developer Friendly\u003C\u002Fstrong> – Well-coded, follows WordPress standards\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🔄 Regular Updates\u003C\u002Fstrong> – Actively maintained and tested 
with latest WordPress versions\u003C\u002Fli>\n\u003Cli>\u003Cstrong>💯 Lightweight\u003C\u002Fstrong> – No bloat, minimal impact on your site\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🆕 What’s New in Version 1.4.0\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>✅ Modern toggle switch replaces old checkbox\u003C\u002Fli>\n\u003Cli>✅ Beautiful card-based admin interface\u003C\u002Fli>\n\u003Cli>✅ Enhanced security with proper sanitization\u003C\u002Fli>\n\u003Cli>✅ Better code organization (OOP approach)\u003C\u002Fli>\n\u003Cli>✅ Improved accessibility and UX\u003C\u002Fli>\n\u003Cli>✅ Removes X-Pingback header when disabled\u003C\u002Fli>\n\u003Cli>✅ Fixed activation redirect for bulk installations\u003C\u002Fli>\n\u003Cli>✅ Better mobile responsive design\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🎯 Perfect For\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Security-focused website owners\u003C\u002Fli>\n\u003Cli>Sites that don’t use mobile apps or remote publishing\u003C\u002Fli>\n\u003Cli>Sites experiencing XML-RPC attacks\u003C\u002Fli>\n\u003Cli>Performance-conscious administrators\u003C\u002Fli>\n\u003Cli>Anyone wanting better control over WordPress features\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🔧 How It Works\u003C\u002Fh3>\n\u003Cp>This plugin uses the native WordPress \u003Ccode>xmlrpc_enabled\u003C\u002Fcode> filter to safely disable XML-RPC without modifying core files. 
Simply activate the plugin, toggle the switch on the settings page, and you’re protected!\u003C\u002Fp>\n\u003Ch3>⚠️ Important Note\u003C\u002Fh3>\n\u003Cp>Disabling XML-RPC may affect:\u003Cbr \u002F>\n* WordPress mobile apps\u003Cbr \u002F>\n* Jetpack (some features)\u003Cbr \u002F>\n* Remote publishing tools\u003Cbr \u002F>\n* Pingbacks and trackbacks\u003Cbr \u002F>\n* Third-party services that rely on XML-RPC\u003C\u002Fp>\n\u003Cp>Only disable XML-RPC if you don’t use these features.\u003C\u002Fp>\n\u003Ch3>🤝 Contributing & Bug Reports\u003C\u002Fh3>\n\u003Cp>Bug reports and pull requests are welcome on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWordPress-Satkhira-Community\u002Fsimple-disable-xml-rpc\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>. Help us make this plugin better!\u003C\u002Fp>\n\u003Ch3>💝 Support the Development\u003C\u002Fh3>\n\u003Cp>If you find this plugin helpful, please consider:\u003Cbr \u002F>\n* ⭐ \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fsimple-disable-xml-rpc\u002Freviews\u002F\" rel=\"ugc\">Rating it 5 stars\u003C\u002Fa>\u003Cbr \u002F>\n* 🐛 \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWordPress-Satkhira-Community\u002Fsimple-disable-xml-rpc\u002Fissues\" rel=\"nofollow ugc\">Reporting bugs\u003C\u002Fa>\u003Cbr \u002F>\n* 💬 \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWordPress-Satkhira-Community\u002Fsimple-disable-xml-rpc\u002Fissues\" rel=\"nofollow ugc\">Suggesting features\u003C\u002Fa>\u003Cbr \u002F>\n* ☕ \u003Ca href=\"https:\u002F\u002Fwww.wpsatkhira.com\u002Fdonate\" rel=\"nofollow ugc\">Buying us a coffee\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>Simple Disable XML-RPC does not:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Collect any user data\u003C\u002Fli>\n\u003Cli>Store any personal information\u003C\u002Fli>\n\u003Cli>Make external API calls\u003C\u002Fli>\n\u003Cli>Use cookies or tracking\u003C\u002Fli>\n\u003Cli>Send data to third 
parties\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The plugin only stores one setting in your WordPress database: whether XML-RPC is enabled or disabled.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Need help? We’re here for you!\u003C\u002Fp>\n\u003Cul>\n\u003Cli>📖 \u003Ca href=\"https:\u002F\u002Fwww.wpsatkhira.com\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>💬 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fsimple-disable-xml-rpc\u002F\" rel=\"ugc\">Support Forum\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>🐛 \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWordPress-Satkhira-Community\u002Fsimple-disable-xml-rpc\u002Fissues\" rel=\"nofollow ugc\">Report Bugs\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>⭐ \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fsimple-disable-xml-rpc\u002Freviews\u002F\" rel=\"ugc\">Rate Plugin\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Developed with ❤️ by \u003Ca href=\"https:\u002F\u002Fwww.wpsatkhira.com\" rel=\"nofollow ugc\">WordPress Satkhira Community\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Contributors:\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fwpdelower\u002F\" rel=\"nofollow ugc\">wpdelower\u003C\u002Fa>\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fmonarchwp23\u002F\" rel=\"nofollow ugc\">monarchwp23\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Special thanks to all our users and contributors who help make this plugin better!\u003C\u002Fp>\n","Simply disable XML-RPC on your WordPress site with a simple toggle switch. 
Protect your site from XML-RPC attacks and improve security.",1000,8616,5,"2025-11-09T02:27:00.000Z","6.8.5","6.1","7.4",[122,54,123,124,22],"disable-xml","wordpress-security","xml","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsimple-disable-xml-rpc\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-disable-xml-rpc.1.4.0.zip",{"slug":128,"name":129,"version":130,"author":131,"author_profile":132,"description":133,"short_description":134,"active_installs":114,"downloaded":135,"rating":25,"num_ratings":136,"last_updated":137,"tested_up_to":51,"requires_at_least":138,"requires_php":139,"tags":140,"homepage":141,"download_link":142,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":60},"wee-remove-xmlrpc-methods","Remove XML-RPC Methods","1.4.1","Walter Ebert","https:\u002F\u002Fprofiles.wordpress.org\u002Fwalterebert\u002F","\u003Cp>This plugin does more than just using the \u003Ccode>xmlrpc_enabled\u003C\u002Fcode> hook, because that is only used “To disable XML-RPC methods that require authentication”.\u003C\u002Fp>\n\u003Cp>Activating this plugin will also disable pingbacks, trackbacks, and Really Simple Discovery (RSD), because these rely on XML-RPC.\u003C\u002Fp>\n\u003Cp>It works with any webserver, because it does not use the .htaccess file.\u003C\u002Fp>\n\u003Ch4>Testing the plugin\u003C\u002Fh4>\n\u003Cp>From the command line you can test if the plugin is working correctly using \u003Ca href=\"https:\u002F\u002Fcurl.haxx.se\u002F\" rel=\"nofollow ugc\">cURL\u003C\u002Fa>. 
Replace the \u003Ccode>example.com\u003C\u002Fcode> link to match your website:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>curl -d '\u003C?xml version=\"1.0\"?>\u003CmethodCall>\u003CmethodName>system.listMethods\u003C\u002FmethodName>\u003Cparams>\u003Cparam>\u003Cvalue>\u003Cstring\u002F>\u003C\u002Fvalue>\u003C\u002Fparam>\u003C\u002Fparams>\u003C\u002FmethodCall>' https:\u002F\u002Fexample.com\u002Fxmlrpc.php\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>This should only return the following methods:\u003Cbr \u002F>\n– \u003Ccode>system.multicall\u003C\u002Fcode>\u003Cbr \u002F>\n– \u003Ccode>system.listMethods\u003C\u002Fcode>\u003Cbr \u002F>\n– \u003Ccode>system.getCapabilities\u003C\u002Fcode>\u003C\u002Fp>\n","Remove all WordPress methods from the XML-RPC API to increase security.",11616,2,"2025-12-02T20:41:00.000Z","4.6","5.4.0",[100,21,22],"https:\u002F\u002Fgitlab.com\u002Fwalterebert\u002Fwee-remove-xmlrpc-methods","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwee-remove-xmlrpc-methods.1.4.1.zip",{"attackSurface":144,"codeSignals":202,"taintFlows":329,"riskAssessment":375,"analyzedAt":387},{"hooks":145,"ajaxHandlers":192,"restRoutes":193,"shortcodes":194,"cronEvents":195,"entryPointCount":13,"unprotectedCount":13},[146,152,157,161,164,168,172,176,180,184,187],{"type":147,"name":148,"callback":149,"file":150,"line":151},"action","admin_menu","create_menu","inc\\yd-widget-framework.inc.php",99,{"type":153,"name":154,"callback":155,"priority":11,"file":150,"line":156},"filter","plugin_action_links","plugin_actions",101,{"type":153,"name":158,"callback":159,"priority":11,"file":150,"line":160},"plugin_row_meta","add_settings_link",102,{"type":147,"name":148,"callback":162,"file":150,"line":163},"yd_add_menu_page",105,{"type":147,"name":165,"callback":166,"file":150,"line":167},"widgets_init","load_widget",107,{"type":147,"name":169,"callback":170,"file":150,"line":171},"wp_print_styles","add_stylesheet",109,{"type":147,"name":173,"callback":174,"file":1
50,"line":175},"plugins_loaded","load_translation",110,{"type":147,"name":177,"callback":178,"file":150,"line":179},"admin_notices","admin_notice",111,{"type":147,"name":181,"callback":182,"file":150,"line":183},"wp_footer","add_linkware",113,{"type":147,"name":177,"callback":185,"file":150,"line":186},"yd_version_warning",337,{"type":147,"name":188,"callback":189,"file":190,"line":191},"init","add_rewriterule","inc\\ydw2x.inc.php",13,[],[],[],[196,199],{"hook":197,"callback":197,"file":150,"line":198},"yd_hourly_event",119,{"hook":200,"callback":200,"file":150,"line":201},"yd_daily_event",122,{"dangerousFunctions":203,"sqlUsage":204,"outputEscaping":206,"fileOperations":136,"externalRequests":327,"nonceChecks":327,"capabilityChecks":327,"bundledLibraries":328},[],{"prepared":13,"raw":13,"locations":205},[],{"escaped":207,"rawEcho":208,"locations":209},7,58,[210,213,215,217,219,221,223,224,226,228,230,232,234,236,238,240,242,244,246,248,250,252,254,256,258,260,262,264,266,268,270,272,274,276,278,280,282,284,286,288,290,292,294,296,298,300,302,304,306,308,310,312,314,316,318,320,322,324],{"file":150,"line":211,"context":212},128,"raw 
output",{"file":150,"line":214,"context":212},251,{"file":150,"line":216,"context":212},369,{"file":150,"line":218,"context":212},371,{"file":150,"line":220,"context":212},373,{"file":150,"line":222,"context":212},396,{"file":150,"line":222,"context":212},{"file":150,"line":225,"context":212},398,{"file":150,"line":227,"context":212},399,{"file":150,"line":229,"context":212},401,{"file":150,"line":231,"context":212},468,{"file":150,"line":233,"context":212},474,{"file":150,"line":235,"context":212},477,{"file":150,"line":237,"context":212},482,{"file":150,"line":239,"context":212},501,{"file":150,"line":241,"context":212},503,{"file":150,"line":243,"context":212},521,{"file":150,"line":245,"context":212},523,{"file":150,"line":247,"context":212},524,{"file":150,"line":249,"context":212},526,{"file":150,"line":251,"context":212},529,{"file":150,"line":253,"context":212},535,{"file":150,"line":255,"context":212},538,{"file":150,"line":257,"context":212},543,{"file":150,"line":259,"context":212},544,{"file":150,"line":261,"context":212},545,{"file":150,"line":263,"context":212},546,{"file":150,"line":265,"context":212},547,{"file":150,"line":267,"context":212},548,{"file":150,"line":269,"context":212},556,{"file":150,"line":271,"context":212},558,{"file":150,"line":273,"context":212},560,{"file":150,"line":275,"context":212},561,{"file":150,"line":277,"context":212},562,{"file":150,"line":279,"context":212},564,{"file":150,"line":281,"context":212},566,{"file":150,"line":283,"context":212},568,{"file":150,"line":285,"context":212},569,{"file":150,"line":287,"context":212},571,{"file":150,"line":289,"context":212},586,{"file":150,"line":291,"context":212},588,{"file":150,"line":293,"context":212},595,{"file":150,"line":295,"context":212},598,{"file":150,"line":297,"context":212},605,{"file":150,"line":299,"context":212},608,{"file":150,"line":301,"context":212},614,{"file":150,"line":303,"context":212},627,{"file":150,"line":305,"context":212},636,{"file":150,"line":307
,"context":212},644,{"file":150,"line":309,"context":212},645,{"file":150,"line":311,"context":212},646,{"file":150,"line":313,"context":212},647,{"file":150,"line":315,"context":212},649,{"file":150,"line":317,"context":212},666,{"file":150,"line":319,"context":212},667,{"file":150,"line":321,"context":212},669,{"file":150,"line":323,"context":212},676,{"file":325,"line":326,"context":212},"webhook.php",63,1,[],[330,347,362],{"entryPoint":331,"graph":332,"unsanitizedCount":327,"severity":346},"form_footer (inc\\yd-widget-framework.inc.php:642)",{"nodes":333,"edges":343},[334,338],{"id":335,"type":336,"label":337,"file":150,"line":309},"n0","source","$_GET['page']",{"id":339,"type":340,"label":341,"file":150,"line":309,"wp_function":342},"n1","sink","echo() [XSS]","echo",[344],{"from":335,"to":339,"sanitized":345},false,"medium",{"entryPoint":348,"graph":349,"unsanitizedCount":13,"severity":361},"do_action (inc\\yd-widget-framework.inc.php:687)",{"nodes":350,"edges":358},[351,354],{"id":335,"type":336,"label":352,"file":150,"line":353},"$_GET",692,{"id":339,"type":340,"label":355,"file":150,"line":356,"wp_function":357},"call_user_func() [RCE]",698,"call_user_func",[359],{"from":335,"to":339,"sanitized":360},true,"low",{"entryPoint":363,"graph":364,"unsanitizedCount":13,"severity":361},"\u003Cyd-widget-framework.inc> (inc\\yd-widget-framework.inc.php:0)",{"nodes":365,"edges":372},[366,367,368,370],{"id":335,"type":336,"label":337,"file":150,"line":309},{"id":339,"type":340,"label":341,"file":150,"line":309,"wp_function":342},{"id":369,"type":336,"label":352,"file":150,"line":353},"n2",{"id":371,"type":340,"label":355,"file":150,"line":356,"wp_function":357},"n3",[373,374],{"from":335,"to":339,"sanitized":360},{"from":369,"to":371,"sanitized":360},{"summary":376,"deductions":377},"The 'yd-webhook-to-xml-rpc' plugin exhibits a generally strong security posture due to its lack of critical vulnerabilities, robust use of prepared statements for SQL queries, and the 
presence of nonce and capability checks. The vulnerability history is also clean, indicating a potentially well-maintained or low-risk plugin. However, a significant concern arises from the low percentage of properly escaped output (11%), which suggests a high likelihood of cross-site scripting (XSS) vulnerabilities. While the static analysis reported no critical or high severity taint flows, the unsanitized path flow could potentially be exploited if it leads to sensitive operations or data exposure, especially in conjunction with unescaped output. The presence of file operations and external HTTP requests without explicit security checks in the provided data also warrants caution, as these can be vectors for further compromise if not handled securely.\n\nDespite the positive aspects like the absence of known CVEs and a small attack surface with all identified entry points appearing to have authentication checks, the significant issue of unescaped output remains a substantial risk. This weakness, coupled with the potential for an unsanitized path flow, means that while the plugin may not have publicly known severe vulnerabilities, it is susceptible to client-side attacks that could be leveraged for more serious compromises. Further investigation into the specific nature of the file operations, external HTTP requests, and the unsanitized path flow would be necessary for a definitive risk assessment. 
However, based on the data, the primary risk lies in potential XSS vulnerabilities stemming from inadequate output escaping.",[378,381,383,385],{"reason":379,"points":380},"Low percentage of properly escaped output",15,{"reason":382,"points":11},"Unsanitized path flow identified in taint analysis",{"reason":384,"points":116},"File operations without explicit security detail",{"reason":386,"points":116},"External HTTP requests without explicit security detail","2026-03-16T23:25:55.064Z",{"wat":389,"direct":394},{"assetPaths":390,"generatorPatterns":391,"scriptPaths":392,"versionParams":393},[],[],[],[],{"cssClasses":395,"htmlComments":396,"htmlAttributes":397,"restEndpoints":398,"jsGlobals":399,"shortcodeOutput":400},[],[],[],[],[],[]]