Disable XML-RPC Plugin

Current Version: 1.0.1
Requires: WordPress 3.5 or higher
Compatible up to: WordPress 4.1.10
Last Updated: 2015-2-05

Pretty simply, this plugin disables the XML-RPC API on a WordPress site running 3.5 or above.

XML-RPC is primarily used in WordPress to allow mobile and third-party applications to interact with WordPress. For instance, the official WordPress mobile apps use XML-RPC to get data from your WordPress site.

Starting in WordPress 2.6, XML-RPC was turned off by default – the developers noted that disabling it may reduce some security risks. Site admins were still able to enable, if they needed it.

In WordPress 3.5, XML-RPC is enabled by default. The developers noted improvements in XML-RPC’s development and support (http://core.trac.wordpress.org/ticket/21509). In addition to enabling it by default, they have removed the option in the admin interface that allows you to turn it off – but they did expose the ability to disable it via a quick piece of code.

For various reasons, site owners may wish to disable XML-RPC and they may not necessarily have the ability or desire to add the code to do it. So, this plugin gives them an easy option to do so.

The plugin is fairly simple – activate the plugin to disable XML-RPC and deactivate the plugin to enable XML-RPC.

Download from the WordPress.org Plugin Directory