AddonLogic Disable XML-RPC

About this Plugin

Disable XML-RPC gives you precise control over WordPress's XML-RPC interface — a frequent target for brute-force, DDoS amplification (via pingback multicall), and credential-stuffing attacks. You can disable all XML-RPC, disable only pingbacks, or leave XML-RPC fully enabled for trusted IPs while blocking everyone else. The plugin also removes the X-Pingback header, RSD link, and WLW manifest link from your site's HTML output.

Plugin Details

Category	Security
Author	Snehal Pancholi — Freelance Developer
Plugin Page	https://addonlogic.com/disable-xmlrpc
Requires	WordPress 6.0+, PHP 8.1+
License	GPL-2.0+

Installation

Download the plugin ZIP file using the button on this page.
Go to WordPress Admin → Plugins → Add New.
Click Upload Plugin and select the downloaded ZIP.
Click Install Now then Activate Plugin.