plugin-icon

Stop XML-RPC Attacks

By Pascal CESCATO·
Blocks dangerous XML-RPC methods while preserving Jetpack, WooCommerce, and mobile apps compatibility.
Brute Force
ddos
jetpack
Ratings
5
Version
2.0.0
Active installations
6K
Last updated
Jan 1, 2026
Stop XML-RPC Attacks

Stop XML-RPC Attacks protects your WordPress site from XML-RPC brute force attacks, DDoS attempts, and reconnaissance probes while maintaining compatibility with essential services like Jetpack and WooCommerce.

Features:

  • Three security modes: Full Disable, Guest Disable, or Selective Blocking
  • Blocks dangerous methods: system.multicall, pingback.ping, and more
  • Compatible with Jetpack and WooCommerce
  • Optional user enumeration blocking
  • Attack logging for monitoring
  • Zero configuration required – works out of the box
  • Clean, intuitive admin interface
Freeon Business plan
Get started
By installing, you agree to WordPress.com Terms of Service and Third-Party plugin Terms.
Tested up to
WordPress 6.9.1
This plugin is available for download for your site.
Download