Enable or disable XML-RPC for all clients or based on an IP list. You can also control pingbacks and unset the X-Pingback HTTP header.
As of April 2026, Manage XML-RPC is a WordPress security plugin with 6.0K+ active installations and a 3/5 rating from 4 reviews. It has been downloaded 64K+ times in total. Requires WordPress 4.0+ and PHP false+. Available on WordPress.org since 2016. Last updated 1 year ago — may have compatibility concerns. Downloads are up 32% this week. Top alternative: Wordfence Security – Firewall, Malware….
You can now disable XML-RPC for given IPs to avoid brute-force attacks, or even enable access for some IPs. XML-RPC on WordPress is an API that gives developers who build mobile apps, desktop apps and other services the ability to talk to a WordPress site. The XML-RPC API that WordPress provides gives developers a way to write applications (for you) that can do many of the things that you can do when logged into WordPress via the web interface.
Block XML-RPC in the following way.
After directly activating this plugin, the backend is no longer available and I can’t deactivate it or access the backend again.
This error appears:
Service Unavailable
The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.
It might disable XML-RPC but it does not enable it. I have been unable to post to my WordPress. I whitelisted the IP using this plugin; it didn’t help at all.
Easy in use! Works great!!
Block entirely the access, block only pingback or/and allow/deny by IP
Simply works. I don’t use Jetpack and I don’t care about pingbacks… but I hate the staggering amount of xmlrpc attacks I’ve been seeing the past few months. This plugin can elegantly turn the http://your.website/xmlrpc.php URL into a 403 for the would-be attacker.
Thanks!
| WordPress | 4.0+ required; tested up to 6.7.5 |
| PHP | false+ required |
Plugin data sourced from WordPress.org. Analysis and metrics by PluginSift.