Deze plugin is niet getest met de laatste 3 grotere versies van WordPress. Mogelijk wordt het niet meer onderhouden of ondersteund. Ook kunnen er compatibiliteitsproblemen ontstaan wanneer het wordt gebruikt met recentere versies van WordPress.

Prevent XMLRPC


There’s a vulnerability in WordPress’s XMLRPC implementation, that permits trackback spam – even when you disable trackbacks.

The only way to prevent this spam is to disable XMLRPC entirely. Some people have suggested renaming or deleting the xmlrpc.php file, but this is not a good idea, because it’s altering core code and not trivial for novice users to undo.

This plugin completely disables WordPress’s XMLRPC functions, and doesn’t alter or rename any core files. You can enable XMLRPC again by simply disabling this plugin.

See for detailed information about the vulnerability in WordPress’s XMLRPC handler.


Props to Bogdan Calin at and Gennady Kovshenin at for finding and discussing the vulnerability.

Props also to Judy Kettenhofen, my partner at, for giving me the idea to write this plugin.


  1. Upload plugin-name.php to the /wp-content/plugins/ directory
  2. Activate the plugin through the ‘Plugins’ menu in WordPress
  3. That’s it!


My Windows Live Writer does work

Windows Live Writer, and other similar services, use the XMLRPC interface to “talk” to your WordPress site, so it won’t work while this plugin is active.

Bijdragers & ontwikkelaars

“Prevent XMLRPC” is open source software. De volgende personen hebben bijgedragen aan deze plugin.


Vertaal “Prevent XMLRPC” naar jouw taal.

Interesse in ontwikkeling?

Bekijk de code, haal de SVN repository op, of abonneer je op het ontwikkellog via RSS.



  • First release