Simple Disable XML-RPC | Reduce Brute Force & DDOS Attacks
Simple Disable XML-RPC is a lightweight, powerful WordPress plugin that gives you complete control over your site’s XML-RPC functionality. Protect your WordPress site from brute force attacks, DDoS attempts, and other XML-RPC security vulnerabilities with just one click.
🔒 Why Disable XML-RPC?
XML-RPC is a remote communication protocol that allows external applications to interact with your WordPress site. While useful for some services, it’s frequently exploited by attackers for:
- Brute Force Attacks – Automated password guessing attempts
- DDoS Attacks – Overwhelming your server with requests
- Resource Exhaustion – Slowing down your website
- Pingback Vulnerabilities – Exploiting pingback features
✨ Key Features
- 🎯 One-Click Control – Modern toggle switch interface (NEW in v1.4.0)
- 🔐 Enhanced Security – Block XML-RPC attacks instantly
- ⚡ Improved Performance – Reduce server load and resource usage
- 🎨 Beautiful Admin Interface – Clean, modern card-based design (NEW in v1.4.0)
- 🌐 Translation Ready – Fully internationalized and translation-ready
- 📱 Mobile Responsive – Settings page works perfectly on all devices
- 🧹 Clean Uninstall – Removes all data when uninstalled
- ⚙️ Developer Friendly – Well-coded, follows WordPress standards
- 🔄 Regular Updates – Actively maintained and tested with latest WordPress versions
- 💯 Lightweight – No bloat, minimal impact on your site
🆕 What’s New in Version 1.4.0
- ✅ Modern toggle switch replaces old checkbox
- ✅ Beautiful card-based admin interface
- ✅ Enhanced security with proper sanitization
- ✅ Better code organization (OOP approach)
- ✅ Improved accessibility and UX
- ✅ Removes X-Pingback header when disabled
- ✅ Fixed activation redirect for bulk installations
- ✅ Better mobile responsive design
🎯 Perfect For
- Security-focused website owners
- Sites that don’t use mobile apps or remote publishing
- Sites experiencing XML-RPC attacks
- Performance-conscious administrators
- Anyone wanting better control over WordPress features
🔧 How It Works
This plugin uses the native WordPress xmlrpc_enabled filter to safely disable XML-RPC without modifying core files. Simply activate the plugin, toggle the switch on the settings page, and you’re protected!
⚠️ Important Note
Disabling XML-RPC may affect: * WordPress mobile apps * Jetpack (some features) * Remote publishing tools * Pingbacks and trackbacks * Third-party services that rely on XML-RPC
Only disable XML-RPC if you don’t use these features.
🤝 Contributing & Bug Reports
Bug reports and pull requests are welcome on GitHub. Help us make this plugin better!
💝 Support the Development
If you find this plugin helpful, please consider: * ⭐ Rating it 5 stars * 🐛 Reporting bugs * 💬 Suggesting features * ☕ Buying us a coffee
Privacy Policy
Simple Disable XML-RPC does not:
- Collect any user data
- Store any personal information
- Make external API calls
- Use cookies or tracking
- Send data to third parties
The plugin only stores one setting in your WordPress database: whether XML-RPC is enabled or disabled.
Support
Need help? We’re here for you!
Credits
Developed with ❤️ by WordPress Satkhira Community
Contributors: * wpdelower * monarchwp23
Special thanks to all our users and contributors who help make this plugin better!