{"id":28406,"date":"2014-03-18T15:35:00","date_gmt":"2014-03-18T15:35:00","guid":{"rendered":"https:\/\/wordpress.org\/plugins-wp\/remove-xmlrpc-pingback-ping\/"},"modified":"2023-07-24T23:03:29","modified_gmt":"2023-07-24T23:03:29","slug":"remove-xmlrpc-pingback-ping","status":"publish","type":"plugin","link":"https:\/\/sk.wordpress.org\/plugins\/remove-xmlrpc-pingback-ping\/","author":15461137,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"1.6","stable_tag":"1.6","tested":"6.3.8","requires":"5.2","requires_php":"5.6","requires_plugins":null,"header_name":"Remove XMLRPC Pingback Ping","header_author":"WP Security Ninja","header_description":"","assets_banners_color":"050c06","last_updated":"2023-07-24 23:03:29","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"http:\/\/wordpress.org\/plugins\/remove-xmlrpc-pingback-ping","header_author_uri":"https:\/\/wpsecurityninja.com\/","rating":3.3,"author_block_rating":0,"active_installs":9000,"downloads":94557,"num_ratings":6,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.4":{"tag":"1.4","author":"cleverplugins","date":"2021-08-10 20:52:41"},"1.5":{"tag":"1.5","author":"cleverplugins","date":"2022-04-11 20:12:22"},"1.6":{"tag":"1.6","author":"lkoudal","date":"2023-07-24 23:03:29"}},"upgrade_notice":{"1.5":"<p>Worth the update...<\/p>"},"ratings":{"1":3,"2":0,"3":0,"4":0,"5":4},"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":2065246,"resolution":"128x128","location":"assets","locale":""},"icon-256x256.png":{"filename":"icon-256x256.png","revision":2065246,"resolution":"256x256","location":"assets","locale":""}},"assets_banners":{"banner-772x250.png":{"filename":"banner-772x250.png","revision":877225,"resolution":"772x250","location":"assets","locale":""}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.4","1.5","1.6"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":877225,"resolution":"1","location":"assets","locale":""},"screenshot-2.png":{"filename":"screenshot-2.png","revision":877225,"resolution":"2","location":"assets","locale":""}},"screenshots":{"1":"Postman: Without the plugin installed","2":"Postman: With the plugin installed"},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[170054,2454,3026,6558,14731],"plugin_category":[44],"plugin_contributors":[154775,79429],"plugin_business_model":[],"class_list":["post-28406","plugin","type-plugin","status-publish","hentry","plugin_tags-disable-ping","plugin_tags-ping","plugin_tags-pingback","plugin_tags-xml-rpc","plugin_tags-xmlrpc","plugin_category-discussion-and-community","plugin_contributors-cleverplugins","plugin_contributors-lkoudal","plugin_committers-cleverplugins","plugin_committers-lkoudal","plugin_support_reps-lkoudal"],"banners":{"banner":"https:\/\/ps.w.org\/remove-xmlrpc-pingback-ping\/assets\/banner-772x250.png?rev=877225","banner_2x":false,"banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/remove-xmlrpc-pingback-ping\/assets\/icon-128x128.png?rev=2065246","icon_2x":"https:\/\/ps.w.org\/remove-xmlrpc-pingback-ping\/assets\/icon-256x256.png?rev=2065246","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/remove-xmlrpc-pingback-ping\/assets\/screenshot-1.png?rev=877225","caption":"Postman: Without the plugin installed"},{"src":"https:\/\/ps.w.org\/remove-xmlrpc-pingback-ping\/assets\/screenshot-2.png?rev=877225","caption":"Postman: With the plugin installed"}],"raw_content":"<!--section=description-->\n<p>Prevent your WordPress site from participating and being a victim of pingback denial of service attacks. <strong>After activation the plugin automatically disables XML-RPC. There's no need to configure anything.<\/strong><\/p>\n\n<p>By disabling the XML-RPC pingback you'll:\n* lower your server CPU usage\n* prevent malicious scripts from using your site to run pingback denial of service attacks\n* prevent malicious scripts to run denial of service attacks on your site via pingback<\/p>\n\n<p>From sucuri.net:<\/p>\n\n<blockquote>\n  <p>Any WordPress site with Pingback enabled (which is on by default) can be used in DDOS attacks against other sites.<\/p>\n<\/blockquote>\n\n<h4>Learn More<\/h4>\n\n<ul>\n<li><a href=\"http:\/\/wptavern.com\/how-to-prevent-wordpress-from-participating-in-pingback-denial-of-service-attacks\">How To Prevent WordPress From Participating In Pingback Denial of Service Attacks<\/a> - wptavern.com<\/li>\n<li><a href=\"http:\/\/blog.sucuri.net\/2014\/03\/more-than-162000-wordpress-sites-used-for-distributed-denial-of-service-attack.html\">More Than 162,000 WordPress Sites Used for Distributed Denial of Service Attack<\/a> - sucuri.net<\/li>\n<li><a href=\"http:\/\/hackguard.com\/xmlrpc-php-ping-backs-hackers-denial-service-attacks\">xmlrpc.php and Pingbacks and Denial of Service Attacks, Oh My!<\/a> - hackguard.com<\/li>\n<\/ul>\n\n<h4>Is Your Site Attacking Others?<\/h4>\n\n<p>Use <a href=\"http:\/\/labs.sucuri.net\/?is-my-wordpress-ddosing\">Sucuri's WordPress DDOS Scanner<\/a> to check if your site is DDOS\u2019ing other websites<\/p>\n\n<h4>Why Not Just Disable XMLRPC Altogether?<\/h4>\n\n<p>Yes, you can choose to do that, but if you use popular plugins like JetPack (that use XMLRPC) then those plugins will stop working. That is why this small plugin exists.<\/p>\n\n<!--section=installation-->\n<h4>Using The WordPress Dashboard<\/h4>\n\n<ol>\n<li>Navigate to the 'Add New' in the plugins dashboard<\/li>\n<li>Search for 'Remove XMLRPC Pingback Ping'<\/li>\n<li>Click 'Install Now'<\/li>\n<li>Activate the plugin on the Plugin dashboard<\/li>\n<\/ol>\n\n<h4>Uploading in WordPress Dashboard<\/h4>\n\n<ol>\n<li>Navigate to the 'Add New' in the plugins dashboard<\/li>\n<li>Navigate to the 'Upload' area<\/li>\n<li>Select <code>remove-xmlrpc-pingback-ping.zip<\/code> from your computer<\/li>\n<li>Click 'Install Now'<\/li>\n<li>Activate the plugin in the Plugin dashboard<\/li>\n<\/ol>\n\n<h4>Using FTP<\/h4>\n\n<ol>\n<li>Download <code>remove-xmlrpc-pingback-ping.zip<\/code><\/li>\n<li>Extract the <code>remove-xmlrpc-pingback-ping<\/code> directory to your computer<\/li>\n<li>Upload the <code>remove-xmlrpc-pingback-ping<\/code> directory to the <code>\/wp-content\/plugins\/<\/code> directory<\/li>\n<li>Activate the plugin in the Plugin dashboard<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id='is%20my%20site%20attacking%20others%3F'><h3>Is My Site Attacking Others?<\/h3><\/dt>\n<dd><p>It could be! Use <a href=\"https:\/\/labs.sucuri.net\/?is-my-wordpress-ddosing\">Sucuri's WordPress DDOS Scanner<\/a> to check if your site is DDOS\u2019ing other websites<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.6<\/h4>\n\n<ul>\n<li>2023\/07\/24<\/li>\n<li>Added filter to check for and remove 'X-Pingback' header if necessary.<\/li>\n<li>Added settings page<\/li>\n<li>Tested up to WP 6.2<\/li>\n<\/ul>\n\n<h4>1.5<\/h4>\n\n<ul>\n<li>Code hardening.<\/li>\n<li>Verified compatibility with WP 5.9.3<\/li>\n<\/ul>\n\n<h4>1.4<\/h4>\n\n<ul>\n<li>New: Added a count under \"Settings -&gt; General\" to see number of blocked attempts.<\/li>\n<li>Tested up to WP 5.8<\/li>\n<li>Added newsletter admin notice.<\/li>\n<li>Code hardening.<\/li>\n<\/ul>\n\n<h4>1.3<\/h4>\n\n<ul>\n<li>2020\/09\/21<\/li>\n<li>Cleaned up code<\/li>\n<li>Added counter for number of times the pingback method was blocked.<\/li>\n<li>Tested with WP 5.5.1<\/li>\n<li>28,595 downloads<\/li>\n<\/ul>\n\n<h4>1.1<\/h4>\n\n<ul>\n<li>2019\/04\/09<\/li>\n<li>version bump<\/li>\n<\/ul>\n\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>First release<\/li>\n<\/ul>","raw_excerpt":"Prevent pingback, XML-RPC and denial of service DDOS attacks by disabling the XML-RPC pingback functionality.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/sk.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/28406","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sk.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/sk.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/sk.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=28406"}],"author":[{"embeddable":true,"href":"https:\/\/sk.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/cleverplugins"}],"wp:attachment":[{"href":"https:\/\/sk.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=28406"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/sk.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=28406"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/sk.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=28406"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/sk.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=28406"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/sk.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=28406"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/sk.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=28406"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}