Is XML-RPC Settings free?

Yes, XML-RPC Settings is free to use. It is available as a free plugin on WordPress.org.

How many websites use XML-RPC Settings?

XML-RPC Settings has 30 active installations as tracked by WordPress.org.

What are the best XML-RPC Settings alternatives?

Popular alternatives to XML-RPC Settings include Cloudflare, Disable XML-RPC Pingback, Stop XML-RPC Attacks. You can compare them side-by-side on our comparison pages.

Does XML-RPC Settings work with the latest WordPress?

XML-RPC Settings has been tested up to WordPress 5.8.13. It requires WordPress 3.9+ and PHP 5.3+.

PluginSift

XML-RPC Settings

Name: XML-RPC Settings
Author: vavkamil

Secure your website with the most comprehensive XML-RPC Settings plugin.

By vavkamil·Ddos·Free

·30 active installs·Updated 4 years ago

Download Visit Homepage Compare

As of April 2026, XML-RPC Settings is a WordPress ddos plugin with 30 active installations and a 0/5 rating0. It has been downloaded 1.9K+ times in total. Requires WordPress 3.9+ and PHP 5.3+. Available on WordPress.org since 2021. Last updated 4 years ago — may have compatibility concerns. Top alternative: Cloudflare.

0/5Rating

30active installs

1.9K+total downloads

5 yearssince 2021

Overview

XML-RPC Settings

Configure XML-RPC methods to increase the security of your website:

Build-in features could be used for malicious purposes and cannot be disabled by default.

Disable GET access
- XML-RPC API only responds to POST requests. Direct GET access is not needed and can be used to fingerprint websites and use them as XML-RPC zombies in later attacks.
Disable system.multicall
- system.multicall method can be misused for amplification attacks.
Disable system.listMethods
- system.listMethods method can be used for verifying attack scope.

Prevent malicious actors from enumerating usernames and credentials.

Disable authenticated methods
- Methods requiring authentication, such as wp.getUsersBlogs, are often used to brute-force your passwords.

Pingbacks are a helpful feature to…

Read full description on WordPress.org

Screenshots

Ratings & Reviews

00 reviews

5 ★

4 ★

3 ★

2 ★

1 ★

Compatibility

WordPress	3.9+ requiredTested up to 5.8.13
PHP	5.3+ required

Top Alternatives to XML-RPC Settings

Cloudflare

3.5200K+ installsUpdated 3 months ago

View Compare

Disable XML-RPC Pingback

3.960K+ installsUpdated 4 months ago

View Compare

Stop XML-RPC Attacks

56.0K+ installsUpdated 3 months ago

View Compare

Protection Against DDoS

53.0K+ installsUpdated 5 years ago

View Compare

Eazy XMLRPC Pingback Disable

5800 installsUpdated 8 years ago

View Compare

View all ddos plugins →

Frequently Asked Questions

Changelog

1.2.1 – October 05, 2021

Fix callback function to register settings

View full changelog on WordPress.org

Contributors

vavkamil

Plugin data sourced from WordPress.org. Analysis and metrics by PluginSift.

XML-RPC Settings

Secure your website with the most comprehensive XML-RPC Settings plugin.

By vavkamil·Ddos·Free

·30 active installs·Updated 4 years ago

Download Visit Homepage Compare

0/5Rating

30active installs

1.9K+total downloads

5 yearssince 2021

Overview

XML-RPC Settings

Configure XML-RPC methods to increase the security of your website:

Build-in features could be used for malicious purposes and cannot be disabled by default.

Disable GET access
- XML-RPC API only responds to POST requests. Direct GET access is not needed and can be used to fingerprint websites and use them as XML-RPC zombies in later attacks.
Disable system.multicall
- system.multicall method can be misused for amplification attacks.
Disable system.listMethods
- system.listMethods method can be used for verifying attack scope.