Heya, when I try to delete the plugin, I see an error message:
Du kannst ein Plugin nicht l?schen, so lange es noch auf der Haupt-Website aktiv ist.
Even though I deactivated it, it seems still to be active and can’t be deleted – what can I do now?
]]>How can I deny access to the XML-RPC Security in de admin menu for all roles except for a certain one?
Thanks in advance.
]]>Hi ! Since 2.1.4.9, you’re writing .htaccess with :
<Files xmlrpc.php>
order deny,allow
deny from all
122.248.245.244/32
54.217.201.243/32
54.232.116.4/32
192.0.80.0/20
192.0.96.0/20
192.0.112.0/20
195.234.108.0/22
</Files>Instead of :
<Files xmlrpc.php>
Order deny,allow
Deny from all
Allow from 122.248.245.244/32
Allow from 54.217.201.243/32
Allow from 54.232.116.4/32
Allow from 192.0.80.0/20
Allow from 192.0.96.0/20
Allow from 192.0.112.0/20
Allow from 195.234.108.0/22
</Files>Hence, breaking websites using the plugin because of .htaccess syntax errors.
]]>The notification from WP Security Guard in the dashboard cannot be switched off. The buttons Remind me later and Not interested are not active. This has been annoying since version 2.1.4.9.
How can the notification be switched off?
Hi I am looking to switch to your plugin away from https://www.ads-software.com/plugins/disable-xml-rpc/ and have a few questions.
thanks
George
]]>Running under PHP 8.1 getting the following PHP warning.
Version 2.1.4.8
[03-Jul-2023 20:23:16 America/New_York] PHP Warning: Undefined array key “plugins” in /home/Account/public_html/Domain/wp-content/plugins/disable-xml-rpc-api/disable-xml-rpc-api.php on line 294
]]>Hi!
I was testing your plugin on my site alongside Jetpack. I have the Enable xml-rpc for Jetpack setting turned on, but the connection is still breaking. I tried adding all the IP addresses found here (it’s a long list!) to the White list IPs section and that fixed the issue.
Is there any plans to update this so that the setting allows all Jetpack IP addresses?
]]>We are getting these messages in woocommerce logs:
CRITICAL Uncaught Error: Class 'dsxmlrpc\WP_Error' not found in /home/dresslemuse.com/public_html/web/app/plugins/disable-xml-rpc-api/disable-xml-rpc-api.php:460
Stack trace:
#0 /home/dresslemuse.com/public_html/web/wp/wp-includes/class-wp-hook.php(308): dsxmlrpc\xmlrpcSecurity->dsxmlrpc\{closure}()
#1 /home/dresslemuse.com/public_html/web/wp/wp-includes/plugin.php(205): WP_Hook->apply_filters()
#2 /home/dresslemuse.com/public_html/web/wp/wp-includes/rest-api/class-wp-rest-server.php(189): apply_filters()
#3 /home/dresslemuse.com/public_html/web/wp/wp-includes/rest-api/class-wp-rest-server.php(439): WP_REST_Server->check_authentication()
#4 /home/dresslemuse.com/public_html/web/wp/wp-includes/rest-api.php(410): WP_REST_Server->serve_request()
#5 /home/dresslemuse.com/public_html/web/wp/wp-includes/class-wp-hook.php(308): rest_api_loaded()
#6 /home/dresslemuse.com/public_html/web/wp/wp-includes/class-wp-hook.php(332): WP_Hook->apply_filters()
#7 /home/dresslemuse.com/public_html/web/wp/wp-includes/plugin.php(565): WP_H in /home/dresslemuse.com/public_html/web/app/plugins/disable-xml-rpc-api/disable-xml-rpc-api.php on line 460Why is this plugin expecting WP_Error class to be in the plugin root directory? It is defined in wp-includes/class-wp-error.php
]]>Hello Amin!
Hope you are doing well.
Just an idea to deactivate…
Go to cPanel > PHP Selector > De-activate xmlrpc?
That would also prevent the xmlrpc module from being loaded in PHP I guess. Maybe you would like to give your opinion? ??
Just tried to disable XML-RPC on an outdated WP site (WP 3.9) and got a fatal error:Call to undefined function get_parent_theme_file_path()
Function get_parent_theme_file_path() was introduced in WordPress v4.7.0.
Would appreciate if you adjust the info for the required WP version with the next update.
]]>Hi when i try and delete this app i get the following error
Deletion failed: TypeError throwncall_user_func_array(): Argument #1 ($callback) must be a valid callback, function “uninstall_action” not found or invalid function name
Other errors have been Deletion failed: There has been a critical error on this website.Learn more about troubleshooting WordPress.
Please help
]]>The plugin disables my rss feeds
I saw your previous answer about that, but i can’t find speed up WP settin… !
]]>All is in the title ??
]]>I’ve been using your plugin for several sites I maintain and like it. But I recently have been getting notifications from Google Search Console that the /xmlrpc.php file can’t be indexed. Obviously, I don’t want it indexed, so I wondered why it was telling me this.
It turns out, some site aggregators are including the X-Pingback header on their pages, which is getting crawled by a Google bot.
So I was wondering if you’d be able to include an update that also removes this header information from HTTP requests. Here’s a Stack overflow topic about how to do it: https://wordpress.stackexchange.com/questions/31943/is-there-a-way-to-completely-turn-off-pingbacks-trackbacks
Thanks!
]]>Hi there,
I get this log message printed at the top of the Plugins page:
Undefined variable $htaccess_code in ../wp-content/plugins/disable-xml-rpc-api/disable-xml-rpc-api.php:228
I looked at the line mentioned in the message and found out that when “hotlink fix” is disabled, the variable $htaccess_code is never defined (first defined in the if block, when hotlink fix is enabled). So, concatenating $htaccess_code causes this warning message. I guess something like
$htaccess_code = '';
is required before the if block.
The plugin keeps writing
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>into .htaccess, even under Apache 2.4. Why is it stuck on the old syntax?
]]>I love disable XML-RPC-API. Thank you so much for developing it. It really helps protect us.
We are working on moving to WordPress 6 and php8.0/php8.1 and noticed we are getting some warnings. Not a big deal. Just wanted to let you know.
Warning: chmod(): Operation not permitted in /var/www/html/dev.adst.org/wp-content/plugins/disable-xml-rpc-api/disable-xml-rpc-api.php on line 74
Warning: chmod(): Operation not permitted in /var/www/html/dev.adst.org/wp-content/plugins/disable-xml-rpc-api/disable-xml-rpc-api.php on line 74
Thank you again.
]]>Hello!
I was working on styling a site and noticed the updates weren’t coming through properly. I checked & the version of the main css file wasn’t coming through, for example the page was pulling “style.css” when it should’ve been “style.css?ver=123456789”. I went through the installed plugins & deactivated each one at a time and found that deactivating this plugin fixed the issue. I’d prefer to keep this plugin activated given its benefits, however it’s interfering with the site’s styling.
Any idea what might be going on or if there’s a known fix?
Thanks!
]]>I am on the latest WP, and LAMP components. I get thousands of WordPress.xmlrpc.php.system.multicall.Amplification.Attack on my Fortinet 60E firewall. I thought I might disable XMLRPC on each web site. When I install your plugin, the site crashes immediately. I can’t even get to the main page without a technical error. I also saw 10+ Allow from entries in the .htaccess file. What are those?
I am protected by my firewall. IPS is blocking them for 7 days.
]]>Hello,
Since the update a couple of days ago product variations dont work anymore. As soon as i disable the plugin it works again.
If you choose an option it doesnt recognise it as such and you can not add the product to your cart.
The warning says: “Please select the product options before adding the item to the shopping cart”
Has anyone else encountered that problem ? Is a fix coming?
Thanks a lot
]]>Hi,
I use the plugin “Disable XML-RPC-API”.
Is this plugin GDPR compliant?
Are cookies set?
Thanks for a short answer ??
Can you specify the plugin version on the download button please? My teamlead afraid of the hypothetical situation when some plugins may become obsolete on specific WordPress versions or/and in case of abandonment by their developers. So, I’m sure that 2.1.2 version is fine and dandy, but what if one day the new release will just break?
]]>After upgrading to WP 5.9, I realized I could not create a new blog post (just got a white screen).
Determining that this was probably a problem with a plugin, I disabled them all which solved the problem (but obviously created new ones). I reactivated them one by one and determined that Disable XML-RPC-API was the problem.
As long as Disable XML-RPC-API plugin is deactivated, there is no problem. When I activate it the problem returns. I have the latest version installed.
Has anyone else encountered this problem? Is there a fix coming?
Thank you so much
]]>Hi, i update all my plugins, wordpress and themes looking for solve Elementor Crash, i deactivate all my plugins and this XML-RCP version 2.1.2 was the problem, i make a rollback to version XML-RCP 2.0 and elementor works again.
Hope this help to someone with the same problem.
I use:
Wordpress 5.8.2
Elementor 3.4.7
Php 7.4
MariaDB 10.3.31
Ubuntu 20.04
I installed and activated your plugin because I received warnings about many attempts to login via xml-rpc
But the warnings didn’t stop.
I am still trying to hack through the xml-rpc.
I checked the plugin and made changes to the htaccess file but nothing still works I ask for help
]]>Plugin is installed and enabled but still getting this message when checking “XML-RPC server accepts POST requests only.”
I can confirm in the .htaccess it has the command,
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>
Because of this, do I need to manually disable xmlprc.php via nginx instead?
]]>Hello,
i try to implement a direkt download link to the 2.1.2 version of your plugin into my deployment-pipeline. Unfortunately the zip file of this version (2.1.2) is defect. The file is only 348 bytes in size, as where the 2.1.1 is 287 KB in size.
Can you please check this and re-upload the correct zip file for version 2.1.2?
Thanks in advance and kind regards
Felix
]]>I’m in the process of upgrading multiple sites to PHP 8 and I noticed that I am getting a warning from your plugin since upgrading from 7.4. Going to the home page causes the warnings. Doesn’t seem to hurt anything but I would prefer a clean log file. Let me know if you need any more info. Thanks you.
WP 5.8 / Version 2.2.1 of your plugin / Custom Theme
CENTOS PHP-FPM 8.06 APACHE
[15-Aug-2021 03:57:38 UTC] PHP Warning: Constant DISALLOW_FILE_EDIT already defined in /home/airviewinn/public_html/wp-content/plugins/disable-xml-rpc-api/disable-xml-rpc-api.php on line 330
[15-Aug-2021 03:57:38 UTC] PHP Warning: Constant DISALLOW_FILE_EDIT already defined in /home/airviewinn/public_html/wp-content/plugins/disable-xml-rpc-api/disable-xml-rpc-api.php on line 330
Hi,
After disabling xml-rpc, we are still getting bot attacks to the url trying to log in. Is it because we are using pure nginx? Anything else we need to set up?
Regards,
Sven
Hello,
I’ve installed your plug-in on several websites, without a problem. Actually, it is one of the few plug-ins I install on every WordPress install. On one particular site, however, all of a sudden, I got a warning from another plug-in (W3C Total Cache) the htaccess couldn’t be modified. As a matter of fact, my htaccess permissions were set to 444.
If I change the permission to 644, after less than a minute it reverts to 444.
At first I thought my site had been hacked, since I know of at least one kind of attack that sets htaccess permission to 444. But after several Wordfence scans and inspecting a local copy of my install, I’m pretty sure that wasn’t the case.
I tried to deactivate every plug-in and re-activate them one by one, and the plug-in causing the problem was indeed “Disable XML-RPC-API”.
Honestly, I don’t know why it happens only on this install – I have 3 websites on the same shared server, and the respective htaccess are not giving me any trouble.
Do you have any hint about what could cause this problem? Any known incompatibility.
Thanks in advance.