Secure XML-RPC
More secure wrapper for the WordPress XML-RPC interface.
3.7(3 reviews)
·60 active installs·Updated 11 years agoAs of April 2026, Secure XML-RPC is a WordPress oauth plugin with 60 active installations and a 3.7/5 rating from 3 reviews. It has been downloaded 6.9K+ times in total. Requires WordPress 3.8+ and PHP false+. Available on WordPress.org since 2014. Last updated 11 years ago — may have compatibility concerns. Top alternative: JWT Authentication for WP REST API.
3.7/53 reviews
60active installs
6.9K+total downloads
12 yearssince 2014
Overview
Rather than sending usernames and passwords in plain text with every request, we’re going to use a set of public/secret keys to hash data and authenticate instead.
On your WordPress profile, you will see a new “Remote Publishing Permissions” section listing out the applications that have permission to publish, along with their public and secret keys.
New applications can be added whenever you want. You can also change the names of applications, or revoke publishing permission by deleting them.
Additional Information
Lock graphic designed by Scott Lewis from the thenounproject.com
Screenshots
Ratings & Reviews
3.73 reviews
5 ★
2
4 ★
0
3 ★
0
2 ★
0
1 ★
1
Compatibility
| WordPress | 3.8+ requiredTested up to 4.0.38 |
| PHP | false+ required |
Top Alternatives to Secure XML-RPC
Frequently Asked Questions
Changelog
1.0.0
- New: Add a custom RPC method for generating application keys remotely.
- Dev change: Move all functional implementations inside our pseudo-namespace.
- Dev change: Use a constant-time string comparison method for better security and less data leakage during authentication.
- Dev change: Use a double-hash to prevent any potential length-extension attacks.
Contributors
Plugin data sourced from WordPress.org. Analysis and metrics by PluginSift.