{"id":21317,"date":"2012-12-21T23:48:13","date_gmt":"2012-12-21T23:48:13","guid":{"rendered":"https:\/\/wordpress.org\/plugins-wp\/prevent-xmlrpc\/"},"modified":"2012-12-21T23:50:25","modified_gmt":"2012-12-21T23:50:25","slug":"prevent-xmlrpc","status":"closed","type":"plugin","link":"https:\/\/wordpress.org\/plugins\/prevent-xmlrpc\/","author":1434303,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"1.0","stable_tag":"0.1","tested":"3.5.2","requires":"3.0.1","requires_php":"","requires_plugins":"","header_name":"Prevent XMLRPC","header_author":"Nathan Briggs","header_description":"","assets_banners_color":"","last_updated":"2012-12-21 23:50:25","external_support_url":"","external_repository_url":"","donate_link":"http:\/\/wpshine.com\/","header_plugin_uri":"http:\/\/wordpress.org\/extend\/plugins\/prevent-xmlrpc\/","header_author_uri":"http:\/\/wpshine.com","rating":3.7,"author_block_rating":0,"active_installs":300,"downloads":5527,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":[],"upgrade_notice":[],"ratings":{"1":"1","2":0,"3":0,"4":0,"5":"2"},"assets_icons":[],"assets_banners":[],"assets_blueprints":{},"all_blocks":[],"tagged_versions":["0.1"],"block_files":[],"assets_screenshots":[],"screenshots":[]},"plugin_section":[],"plugin_tags":[600,599,6095,14731],"plugin_category":[44,54],"plugin_contributors":[81651],"plugin_business_model":[],"class_list":["post-21317","plugin","type-plugin","status-closed","hentry","plugin_tags-security","plugin_tags-spam","plugin_tags-trackback","plugin_tags-xmlrpc","plugin_category-discussion-and-community","plugin_category-security-and-spam-protection","plugin_contributors-nathancbriggs","plugin_committers-nathancbriggs"],"banners":[],"icons":{"svg":false,"icon":"https:\/\/s.w.org\/plugins\/geopattern-icon\/prevent-xmlrpc.svg","icon_2x":false,"generated":true},"screenshots":[],"raw_content":"
<!--section=description-->\n<p>There's a vulnerability in WordPress's XMLRPC implementation that permits trackback spam - even when you disable trackbacks.<\/p>\n\n<p>The only way to prevent this spam is to disable XMLRPC entirely. Some people have suggested renaming or deleting the xmlrpc.php file, but this is not a good idea, because it alters core code and is not trivial for novice users to undo.<\/p>\n\n<p>This plugin completely disables WordPress's XMLRPC functions, and doesn't alter or rename any core files. You can enable XMLRPC again by simply disabling this plugin.<\/p>\n\n<p>See http:\/\/www.acunetix.com\/blog\/web-security-zone\/wordpress-pingback-vulnerability\/ for detailed information about the vulnerability in WordPress's XMLRPC handler.<\/p>\n\n<h3>Credits<\/h3>\n\n<p>Props to Bogdan Calin at Acunetix.com and Gennady Kovshenin at codeseekah.com for finding and discussing the vulnerability.<\/p>\n\n<p>Props also to Judy Kettenhofen, my partner at wpshine.com, for giving me the idea to write this plugin.<\/p>\n\n<!--section=installation-->\n<ol>\n<li>Upload <code>plugin-name.php<\/code> to the <code>\/wp-content\/plugins\/<\/code> directory<\/li>\n<li>Activate the plugin through the 'Plugins' menu in WordPress<\/li>\n<li>That's it!<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt>My Windows Live Writer doesn't work<\/dt>\n<dd><p>Windows Live Writer, and other similar services, use the XMLRPC interface to \"talk\" to your WordPress site, so it won't work while this plugin is active.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>0.1<\/h4>\n\n<ul>\n<li>First release<\/li>\n<\/ul>","raw_excerpt":"Totally disables XMLRPC, preventing the recent Pingback spam 
vulnerability.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/21317","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=21317"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/nathancbriggs"}],"wp:attachment":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=21317"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=21317"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=21317"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=21317"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=21317"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=21317"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}