Prevent XMLRPC

Totally disables XMLRPC, preventing the recent Pingback spam vulnerability.

Author:Nathan Briggs (profile at wordpress.org)
WordPress version required:3.0.1
WordPress version tested:3.5
Plugin version:1.0
Added to WordPress repository:21-12-2012
Last updated:21-12-2012
Warning! This plugin has not been updated in over 2 years. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.
Rating, %:74
Rated by:3
Plugin URI:http://wordpress.org/extend/plugins/prevent-x...
Total downloads:5 128
Active installs:900+
plugin download
Click to start download

There's a vulnerability in WordPress's XMLRPC implementation, that permits trackback spam - even when you disable trackbacks.

The only way to prevent this spam is to disable XMLRPC entirely. Some people have suggested renaming or deleting the xmlrpc.php file, but this is not a good idea, because it's altering core code and not trivial for novice users to undo.

This plugin completely disables WordPress's XMLRPC functions, and doesn't alter or rename any core files. You can enable XMLRPC again by simply disabling this plugin.

See http://www.acunetix.com/blog/web-security-zone/wordpress-pingback-vulnerability/ for detailed information about the vulnerability in WordPress's XMLRPC handler.