Is Remove & Disable XML-RPC Pingback free?

Yes, Remove & Disable XML-RPC Pingback is free to use. It is available as a free plugin on WordPress.org.

How many websites use Remove & Disable XML-RPC Pingback?

Remove & Disable XML-RPC Pingback has 9.0K+ active installations as tracked by WordPress.org.

What are the best Remove & Disable XML-RPC Pingback alternatives?

Popular alternatives to Remove & Disable XML-RPC Pingback include No Self Ping, Auto Ping Booster, Яндекс.ПДС Пингер / Yandex Site search…. You can compare them side-by-side on our comparison pages.

Does Remove & Disable XML-RPC Pingback work with the latest WordPress?

Remove & Disable XML-RPC Pingback has been tested up to WordPress 6.3.8. It requires WordPress 5.2+ and PHP 5.6+.

PluginSift

Remove & Disable XML-RPC Pingback

Name: Remove & Disable XML-RPC Pingback
Rating: 3 (6 reviews)
Author: cleverplugins

Prevent pingback, XML-RPC and denial of service DDOS attacks by disabling the XML-RPC pingback functionality.

By cleverplugins·Ping·Free

3(6 reviews)

·9.0K+ active installs·Updated 2 years ago

Download Visit Homepage Compare

As of April 2026, Remove & Disable XML-RPC Pingback is a WordPress ping plugin with 9.0K+ active installations and a 3/5 rating from 6 reviews. It has been downloaded 94K+ times in total. Requires WordPress 5.2+ and PHP 5.6+. Available on WordPress.org since 2014. Last updated 2 years ago — may have compatibility concerns. Downloads are up 48% this week. Top alternative: No Self Ping.

3/56 reviews

9.0K+active installs

94K+total downloads

12 yearssince 2014

Overview

Prevent your WordPress site from participating and being a victim of pingback denial of service attacks. After activation the plugin automatically disables XML-RPC. There’s no need to configure anything.

By disabling the XML-RPC pingback you’ll:
* lower your server CPU usage
* prevent malicious scripts from using your site to run pingback denial of service attacks
* prevent malicious scripts to run denial of service attacks on your site via pingback

From sucuri.net:

Any WordPress site with Pingback enabled (which is on by default) can be used in DDOS attacks against other sites.

Learn More

Read full description on WordPress.org

Screenshots

Ratings & Reviews

36 reviews

5 ★

4 ★

3 ★

2 ★

1 ★

Recent Reviews

So many annoying admin notices …

by mklusak·4 years ago·1 reply

I am removing this plugin from my sites, because WP admin is constantly full of huge “join our newsletter” (…) admin notices. Yeah, no, thank you …

Just what I needed

by Ben Roberts·5 years ago

Great plugin, super easy to install and just sits there doing it’s job. Very light as well, so has no effects that I could see, on site speed or memory usage. Can’t think of a reason why you wouldn’t be using this to be honest. Thanks for developing it!

Not working

by Kekeli·5 years ago·1 reply

Still getting a ton of login attempts

Great plugin

by kayasch·6 years ago

It was beneficial, helped me a lot!

No longer effective

by skyhound·9 years ago

Unfortunately, it looks like this plugin is not effective anymore as I’ve had a few sites attacked with this plugin installed.

Trying to manage though .htaccess now. Wish someone would write something new to fix this.