이 플러그인은 최근 3개의 주요 워드프레스 출시와 시험 되지 않았습니다. 워드프레스의 좀 더 최근 버전으로 이용할 때 더 이상 관리되지 않고 지원되지 않고 호환성 문제가 있을 수 있습니다.

Simple XML-RPC Disabler

설명

What Is xmlrpc.php?

XML-RPC is a remote procedure call (RPC) protocol, a feature included in WordPress, which enables data to be transmitted. It uses HTTP as the transport mechanism, and XML to encode its calls.

Unless you use remote technologies and mobile applications to update your WordPress site, you might not be familiar with XML-RPC. For the uninitiated, you can use xmlrpc.php to establish a remote connection to WordPress, and make updates to your site without directly logging in to your WordPress system.

XML-RPC is indeed useful for enabling remote connections between various external applications and WordPress. On the other hand, disabling this feature can help improve your site’s security.

Why You Should Disable xmlrpc.php?

The problem is that xmlrpc.php poses a security risk. It creates an additional access point to your site, which could leave it vulnerable to external attacks. Every time you authenticate XML-RPC, you need to supply your username and password. As you can imagine, this isn’t exactly ideal for security purposes.

For example, in order to prevent brute force attacks, you can limit login attempts on your WordPress site. However, with XML-RPC enabled, that limit does not exist. There’s no capping on login attempts, which means it’s only a matter of time before a determined cybercriminal gains access.

By disabling the feature, you are closing a potential area of entry for hackers.

XML-RPC functionality is turned on by default since WordPress 3.5. This plugin completely disables the XML-RPC API which can be abused by hackers on a WordPress site, providing an easy and simple way to disable/enable the XML-RPC API.

Requirements

  • WordPress 3.8.1 or higher.

설치

  1. Upload the simple-xml-rpc-disabler directory to the /wp-content/plugins/ directory in your WordPress installation
  2. Activate the plugin through the ‘Plugins’ menu in WordPress
  3. XML-RPC is now disabled!

To re-enable XML-RPC, just deactivate the plugin through the ‘Plugins’ menu in WordPress.

FAQ

Why this plugin?

This plugin completely disables the XML-RPC API which can be abused by hackers on a WordPress site. If security is your top priority, this may be a step you want to consider. Additionally, if remote connections aren’t something you deal with on a day-to-day basis, you likely won’t miss the feature when it’s gone. In this situation, you have nothing to lose and only an added layer of security to gain.

How to know if the plugin is working?

You can try the XML-RPC Validator, written by Danilo Ercoli. Keep in mind that you want the validator to fail and tell you that XML-RPC services are disabled.

Plugin seems broken …

If the plugin is activated, but XML-RPC appears to still be enabled or if the plugin is deactivated, but XML-RPC appears to still be disabled, then it’s possible that another plugin or the theme functions is affecting the xmlrpc_enabled filter. Additionally, server configurations could be blocking XML-RPC (i.e. blocking access to xmlrpc.php with the .htaccess file).

<Files xmlrpc.php>
Order allow,deny
Deny from all
Allow from 123.123.123.123
</Files>

Will disabling XML-RPC affect SEO?

The XML-RPC API or xmlrpc.php for WordPress, has nothing to do with SEO.

후기

이 플러그인에 대한 평가가 없습니다.

기여자 & 개발자

“Simple XML-RPC Disabler”(은)는 오픈 소스 소프트웨어입니다. 다음의 사람들이 이 플러그인에 기여하였습니다.

기여자

자국어로 “Simple XML-RPC Disabler”(을)를 번역하세요.

개발에 관심이 있으십니까?

코드 탐색하기는, SVN 저장소를 확인하시거나, 개발 기록RSS로 구독하세요.

변경이력

1.0.0

  • Initial release

1.0.1

  • Corrected readme.txt and added plugin banner and icon

1.1.0

  • Tested ready for WordPress 5.7.0+