Title: Simple Disable XML-RPC | Reduce Brute Force & DDOS Attacks Author: Delower Hossain Published: 12, Avientu de 2023 Last modified: 9, Payares de 2025 --- Guetar plugins ![](https://ps.w.org/simple-disable-xml-rpc/assets/banner-772x250.png?rev=3038907) ![](https://ps.w.org/simple-disable-xml-rpc/assets/icon.svg?rev=3038907) # Simple Disable XML-RPC | Reduce Brute Force & DDOS Attacks By [Delower Hossain](https://profiles.wordpress.org/wpdelower/) [Download](https://downloads.wordpress.org/plugin/simple-disable-xml-rpc.1.4.0.zip) * [Details](https://ast.wordpress.org/plugins/simple-disable-xml-rpc/#description) * [Reviews](https://ast.wordpress.org/plugins/simple-disable-xml-rpc/#reviews) * [Installation](https://ast.wordpress.org/plugins/simple-disable-xml-rpc/#installation) * [Development](https://ast.wordpress.org/plugins/simple-disable-xml-rpc/#developers) [Support](https://wordpress.org/support/plugin/simple-disable-xml-rpc/) ## Description **Simple Disable XML-RPC** is a lightweight, powerful WordPress plugin that gives you complete control over your site’s XML-RPC functionality. Protect your WordPress site from brute force attacks, DDoS attempts, and other XML-RPC security vulnerabilities with just one click. ### 🔒 Why Disable XML-RPC? XML-RPC is a remote communication protocol that allows external applications to interact with your WordPress site. While useful for some services, it’s frequently exploited by attackers for: * **Brute Force Attacks** – Automated password guessing attempts * **DDoS Attacks** – Overwhelming your server with requests * **Resource Exhaustion** – Slowing down your website * **Pingback Vulnerabilities** – Exploiting pingback features ### ✨ Key Features * **🎯 One-Click Control** – Modern toggle switch interface (NEW in v1.4.0) * **🔐 Enhanced Security** – Block XML-RPC attacks instantly * **⚡ Improved Performance** – Reduce server load and resource usage * **🎨 Beautiful Admin Interface** – Clean, modern card-based design (NEW in v1.4.0) * **🌐 Translation Ready** – Fully internationalized and translation-ready * **📱 Mobile Responsive** – Settings page works perfectly on all devices * **🧹 Clean Uninstall** – Removes all data when uninstalled * **⚙️ Developer Friendly** – Well-coded, follows WordPress standards * **🔄 Regular Updates** – Actively maintained and tested with latest WordPress versions * **💯 Lightweight** – No bloat, minimal impact on your site ### 🆕 What’s New in Version 1.4.0 * ✅ Modern toggle switch replaces old checkbox * ✅ Beautiful card-based admin interface * ✅ Enhanced security with proper sanitization * ✅ Better code organization (OOP approach) * ✅ Improved accessibility and UX * ✅ Removes X-Pingback header when disabled * ✅ Fixed activation redirect for bulk installations * ✅ Better mobile responsive design ### 🎯 Perfect For * Security-focused website owners * Sites that don’t use mobile apps or remote publishing * Sites experiencing XML-RPC attacks * Performance-conscious administrators * Anyone wanting better control over WordPress features ### 🔧 How It Works This plugin uses the native WordPress `xmlrpc_enabled` filter to safely disable XML-RPC without modifying core files. Simply activate the plugin, toggle the switch on the settings page, and you’re protected! ### ⚠️ Important Note Disabling XML-RPC may affect: * WordPress mobile apps * Jetpack (some features)* Remote publishing tools * Pingbacks and trackbacks * Third-party services that rely on XML-RPC Only disable XML-RPC if you don’t use these features. ### 🤝 Contributing & Bug Reports Bug reports and pull requests are welcome on [GitHub](https://github.com/WordPress-Satkhira-Community/simple-disable-xml-rpc). Help us make this plugin better! ### 💝 Support the Development If you find this plugin helpful, please consider: * ⭐ [Rating it 5 stars](https://wordpress.org/support/plugin/simple-disable-xml-rpc/reviews/)* 🐛 [Reporting bugs](https://github.com/WordPress-Satkhira-Community/simple-disable-xml-rpc/issues)* 💬 [Suggesting features](https://github.com/WordPress-Satkhira-Community/simple-disable-xml-rpc/issues)* ☕ [Buying us a coffee](https://www.wpsatkhira.com/donate) ### Privacy Policy Simple Disable XML-RPC does not: * Collect any user data * Store any personal information * Make external API calls * Use cookies or tracking * Send data to third parties The plugin only stores one setting in your WordPress database: whether XML-RPC is enabled or disabled. ### Support Need help? We’re here for you! * 📖 [Documentation](https://www.wpsatkhira.com) * 💬 [Support Forum](https://wordpress.org/support/plugin/simple-disable-xml-rpc/) * 🐛 [Report Bugs](https://github.com/WordPress-Satkhira-Community/simple-disable-xml-rpc/issues) * ⭐ [Rate Plugin](https://wordpress.org/support/plugin/simple-disable-xml-rpc/reviews/) ### Credits Developed with ❤️ by [WordPress Satkhira Community](https://www.wpsatkhira.com) **Contributors:** * [wpdelower](https://profiles.wordpress.org/wpdelower/) * [monarchwp23](https://profiles.wordpress.org/monarchwp23/) Special thanks to all our users and contributors who help make this plugin better! ## Screenshots * [[ * **Modern Settings Page** – Beautiful card-based interface with toggle switch * [[ * **Toggle Switch in Action** – Easy one-click enable/disable control ## Installation ### Automatic Installation (Recommended) 1. Log in to your WordPress admin panel 2. Navigate to **Plugins > Add New** 3. Search for **“Simple Disable XML-RPC”** 4. Click **“Install Now”** button 5. Click **“Activate”** button 6. You’ll be redirected to **Settings > Disable XML-RPC** 7. Toggle the switch to enable/disable XML-RPC ### Manual Installation 1. Download the plugin zip file 2. Log in to your WordPress admin panel 3. Navigate to **Plugins > Add New > Upload Plugin** 4. Choose the downloaded zip file and click **“Install Now”** 5. Click **“Activate Plugin”** 6. Go to **Settings > Disable XML-RPC** 7. Toggle the switch to your preference ### FTP Installation 1. Download and extract the plugin zip file 2. Upload the `simple-disable-xml-rpc` folder to `/wp-content/plugins/` directory 3. Activate the plugin through the **Plugins** menu in WordPress 4. Configure settings at **Settings > Disable XML-RPC** ## FAQ ### What is XML-RPC and why should I disable it? XML-RPC is a remote procedure call protocol that allows external applications to communicate with your WordPress site. While it enables features like mobile apps and remote publishing, it’s also a common target for: * Brute force attacks * DDoS attacks * Server resource exhaustion * Security vulnerabilities If you don’t use WordPress mobile apps, Jetpack, or remote publishing tools, it’s recommended to disable XML-RPC for better security. ### Will this plugin break my site? No, this plugin safely disables XML-RPC using WordPress’s native filter. However, it may affect: * WordPress mobile apps * Jetpack functionality * Pingbacks and trackbacks * Third-party services using XML-RPC API Test after activation to ensure your required features still work. ### How do I know if XML-RPC is successfully disabled? There are several ways to verify: **Method 1: WordPress Mobile App** Try connecting with the official WordPress mobile app. You should see: “XML-RPC services are disabled on this site” **Method 2: Online Validator** Use the [XML-RPC Validator](https://xmlrpc.blog/) tool. When properly disabled, it will show an error message. You should receive a response indicating XML-RPC is disabled. ### Does this plugin improve website performance? Yes! When XML-RPC is disabled, your server doesn’t need to process XML-RPC requests, which can: * Reduce server load * Prevent resource exhaustion * Speed up response times * Save bandwidth ### Is this plugin compatible with other security plugins? Yes! Simple Disable XML-RPC works seamlessly with other security plugins like: * Wordfence Security * Sucuri Security * iThemes Security * All In One WP Security * And more! ### What’s the difference between disabling via .htaccess vs this plugin? **Plugin Method (Recommended):** * Uses WordPress native filters * Easier to manage* No server configuration needed * Can be toggled on/off easily * Won’t cause server errors **.htaccess Method:** * Requires manual file editing * Can break if edited incorrectly* Harder to reverse * May cause conflicts ### Can I re-enable XML-RPC if needed? Absolutely! Just go to **Settings > Disable XML-RPC** and toggle the switch off. Changes take effect immediately. ### Does this work on WordPress multisite? Yes, the plugin works on both single WordPress installations and multisite networks. On multisite, it must be configured per-site. ### Will this plugin be updated regularly? Yes! We actively maintain this plugin and test it with every new WordPress release. Updates are pushed regularly to ensure compatibility and security. ### Where can I get support? * [WordPress.org Support Forum](https://wordpress.org/support/plugin/simple-disable-xml-rpc/) * [GitHub Issues](https://github.com/WordPress-Satkhira-Community/simple-disable-xml-rpc/issues) * [Plugin Documentation](https://www.wpsatkhira.com) ### How can I contribute to this plugin? We welcome contributions! You can: * Submit bug reports on [GitHub](https://github.com/WordPress-Satkhira-Community/simple-disable-xml-rpc/issues) * Create pull requests with improvements * Translate the plugin into your language * Leave a review and rating * Suggest new features ## Reviews ![](https://secure.gravatar.com/avatar/d87fd906edc0905bce150414915d17d931d9b2e10b1cc951c0beccb433938313? s=60&d=retro&r=g) ### 󠀁[Simple, Lightweight & Effective](https://wordpress.org/support/topic/simple-lightweight-effective-2/)󠁿 [Raihan](https://profiles.wordpress.org/raihanbabubd/) 1, Xunetu de 2025 I always recommend this plugin for quickly disabling XML-RPC and boosting WordPress security. No config needed—just activate and done. Appreciate the effort! ![](https://secure.gravatar.com/avatar/cce002ad8f82bc4224a22e6d86d1f954b949a216a965f05e53f6beaef1981289? s=60&d=retro&r=g) ### 󠀁[Very easy and ready to use](https://wordpress.org/support/topic/very-easy-and-ready-to-use/)󠁿 [Riad Mahmud](https://profiles.wordpress.org/riadmahmud46/) 29, Xunu de 2025 1 reply It’s one of my go to plugin to make extra security layer. Thanks for this great plugin buddy. ![](https://secure.gravatar.com/avatar/dc056b96c18169816a4fce50faa3e7005576876ce2bef864355a26c2c72d0995? s=60&d=retro&r=g) ### 󠀁[Beautiful and easy plugin](https://wordpress.org/support/topic/beautiful-and-easy-plugin/)󠁿 [Ashim Mollick](https://profiles.wordpress.org/ashimmollick/) 21, Payares de 2024 1 reply Beautiful and easy plugin ![](https://secure.gravatar.com/avatar/9e8eef52438a2ebfe3f3d3afd7eee40fca075216001f899b51937f8554ad14b3? s=60&d=retro&r=g) ### 󠀁[Plugin results](https://wordpress.org/support/topic/plugin-results-2/)󠁿 [Shamim Ahamed](https://profiles.wordpress.org/shamimahamedwp/) 12, Avientu de 2023 1 reply I have install the plugin and it works fine. I highly recommend for try it out this must needed plugin. to disable XML-RPC and it’s very easy to us. ![](https://secure.gravatar.com/avatar/d77bc61e0e2dee35a38b05e2df673f4b2cef066ae2e9cdf1b6043e7fe489136b? s=60&d=retro&r=g) ### 󠀁[Excellent Solution](https://wordpress.org/support/topic/excellent-solution-70/)󠁿 [jimk111](https://profiles.wordpress.org/jimk111/) 12, Avientu de 2023 1 reply Simple is certainly appropriate for this very straightforward plugin “Simple Disable”– To improve our security I now have it installed on all my client websites hosted on Hostinger – (Jim, Neat Websites) [ Read all 6 reviews ](https://wordpress.org/support/plugin/simple-disable-xml-rpc/reviews/) ## Contributors & Developers “Simple Disable XML-RPC | Reduce Brute Force & DDOS Attacks” is open source software. The following people have contributed to this plugin. Contributors * [ Delower Hossain ](https://profiles.wordpress.org/wpdelower/) * [ MonarchWP ](https://profiles.wordpress.org/monarchwp23/) [Translate “Simple Disable XML-RPC | Reduce Brute Force & DDOS Attacks” into your language.](https://translate.wordpress.org/projects/wp-plugins/simple-disable-xml-rpc) ### Interested in development? [Browse the code](https://plugins.trac.wordpress.org/browser/simple-disable-xml-rpc/), check out the [SVN repository](https://plugins.svn.wordpress.org/simple-disable-xml-rpc/), or subscribe to the [development log](https://plugins.trac.wordpress.org/log/simple-disable-xml-rpc/) by [RSS](https://plugins.trac.wordpress.org/log/simple-disable-xml-rpc/?limit=100&mode=stop_on_copy&format=rss). ## Changelog #### 1.4.0 (2025-11-09) **Major Update – UI Overhaul & Security Enhancements** * 🎨 NEW: Modern toggle switch interface replacing checkboxes * 🎨 NEW: Beautiful card-based admin design * 🔒 IMPROVED: Enhanced security with proper sanitization callbacks * 🔒 IMPROVED: Added X-Pingback header removal * ⚡ IMPROVED: Better code organization with OOP structure * ⚡ IMPROVED: Separated files for better maintainability * 🐛 FIXED: Activation redirect issue with bulk plugin activation * 🐛 FIXED: Consistent function prefixing * ♿ IMPROVED: Better accessibility and mobile responsive design * 🧹 NEW: Proper uninstall cleanup script * 📚 IMPROVED: Better documentation and inline comments * 🌐 IMPROVED: Enhanced translation support #### 1.3.5 (2025-04-20) * 🐛 Bug fixes * ⚡ Performance improvements * ✅ WordPress 6.8 compatibility tested #### 1.3.4 (2024-11-17) * 🐛 Bug fixes * ⚡ Performance improvements * ✅ WordPress 6.7 compatibility tested #### 1.3.3 (2024-07-17) * 🐛 Bug fixes * ⚡ Performance improvements * ✅ WordPress 6.6 compatibility tested #### 1.3.2 (2024-04-02) * 🐛 Bug fixes * ⚡ Performance improvements * ✅ WordPress 6.5 compatibility tested #### 1.3.1 (2024-03-23) * 🔒 Important security update * 🐛 Bug fixes * 🎨 Plugin live preview added #### 1.3.0 (2024-03-12) * ⚡ Performance improvements * 🔒 Security enhancements #### 1.2.5 (2024-03-12) * 🔧 Plugin compatibility fixes #### 1.2.4 (2024-03-12) * 🐛 Bug fixes and improvements #### 1.2.3 (2024-03-11) * 🐛 Bug fixes and improvements #### 1.2.2 (2024-02-21) * 🐛 Bug fixes and improvements #### 1.2.1 (2024-01-31) * 📝 Settings description updated #### 1.2.0 (2024-01-31) * ✅ WordPress 6.4.3 compatibility * 🐛 Bug fixes * 📚 New FAQs added #### 1.1.0 * 🎯 Auto-redirect to settings after activation * 🐛 Bug fixes #### 1.0.0 * 🎉 Initial release ## Meta * Version **1.4.0** * Last updated **5 meses ago** * Active installations **1.000+** * WordPress version ** 6.1 or higher ** * Tested up to **6.8.5** * PHP version ** 7.4 or higher ** * Language * [English (US)](https://wordpress.org/plugins/simple-disable-xml-rpc/) * Tags * [disable xml-rpc](https://ast.wordpress.org/plugins/tags/disable-xml-rpc/)[wordpress security](https://ast.wordpress.org/plugins/tags/wordpress-security/) [xml](https://ast.wordpress.org/plugins/tags/xml/)[xmlrpc](https://ast.wordpress.org/plugins/tags/xmlrpc/) * [Advanced View](https://ast.wordpress.org/plugins/simple-disable-xml-rpc/advanced/) ## Ratings 5 out of 5 stars. * [ 5 5-star reviews ](https://wordpress.org/support/plugin/simple-disable-xml-rpc/reviews/?filter=5) * [ 0 4-star reviews ](https://wordpress.org/support/plugin/simple-disable-xml-rpc/reviews/?filter=4) * [ 0 3-star reviews ](https://wordpress.org/support/plugin/simple-disable-xml-rpc/reviews/?filter=3) * [ 0 2-star reviews ](https://wordpress.org/support/plugin/simple-disable-xml-rpc/reviews/?filter=2) * [ 0 1-star reviews ](https://wordpress.org/support/plugin/simple-disable-xml-rpc/reviews/?filter=1) [Your review](https://wordpress.org/support/plugin/simple-disable-xml-rpc/reviews/#new-post) [See all reviews](https://wordpress.org/support/plugin/simple-disable-xml-rpc/reviews/) ## Contributors * [ Delower Hossain ](https://profiles.wordpress.org/wpdelower/) * [ MonarchWP ](https://profiles.wordpress.org/monarchwp23/) ## Support Got something to say? Need help? [View support forum](https://wordpress.org/support/plugin/simple-disable-xml-rpc/)