The JSON REST API and the XML-RPC API are powerful ways to interact with WordPress remotely.
If no external application needs to communicate with your WordPress instance through the JSON REST API or the XML-RPC API, you should disable access to them for external requests.
In a standard WordPress installation, both the JSON REST API and the XML-RPC API are enabled by default.
In particular, the REST API is also enabled for users who are not logged in. This means that your WordPress instance is potentially leaking data; for example, anyone could be able to:
Although you could do all of this by writing your own code against the native filters, this plugin aims to help you control access to the JSON REST API and the XML-RPC API from the administration panel, or programmatically through a simple API filter.
<link> tags, REST Link HTTP header and REST Really Simple Discovery (RSD) information.
<link> to the Really Simple Discovery (RSD) information.
X-Pingback HTTP header.
Once the plugin is installed you can control settings in the following ways:
rest_xmlrpc_data_checker_settings filter (see below).
rest_xmlrpc_data_checker_settings
Filters plugin settings values.
apply_filters( 'rest_xmlrpc_data_checker_settings', array $settings )
rest_xmlrpc_data_checker_admin_settings
Filters whether the plugin settings page is displayed in the administration panel.
apply_filters( 'rest_xmlrpc_data_checker_admin_settings', boolean $display )
rest_xmlrpc_data_checker_rest_error
Filters the JSON REST authentication error after the plugin's checks have run.
apply_filters( 'rest_xmlrpc_data_checker_rest_error', WP_Error|boolean $result )
xmlrpc_before_insert_post
Filters the post data submitted via XML-RPC before the post is inserted into the database.
apply_filters( 'xmlrpc_before_insert_post', array|IXR_Error $content_struct, WP_User $user )
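A must-use plugin that wires up three of the filters documented above, as an added example that is not the plugin's own code. The `myorg_*` function names are hypothetical, and it assumes that returning `false` hides the settings page, that a returned `IXR_Error` aborts the XML-RPC insert, and that `$content_struct` uses `wp.newPost`-style keys such as `post_status`.

```php
<?php
/**
 * Plugin Name: REST / XML-RPC policy (added example)
 * Place in wp-content/mu-plugins/. The myorg_* names are hypothetical.
 */

// Keep the settings page out of the admin UI so the policy lives in code.
// Assumption: a false value means "do not display".
add_filter( 'rest_xmlrpc_data_checker_admin_settings', '__return_false' );

// Record REST requests that the plugin's checks turned into an error,
// so denied access attempts show up in the PHP error log.
add_filter( 'rest_xmlrpc_data_checker_rest_error', 'myorg_log_rest_denial' );
function myorg_log_rest_denial( $result ) {
	if ( is_wp_error( $result ) ) {
		$ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '-';
		error_log( sprintf(
			'rest-denied ip=%s code=%s',
			$ip,
			$result->get_error_code()
		) );
	}
	return $result; // Pass the result through unchanged.
}

// Constrain what an XML-RPC client may insert.
add_filter( 'xmlrpc_before_insert_post', 'myorg_xmlrpc_post_policy', 10, 2 );
function myorg_xmlrpc_post_policy( $content_struct, $user ) {
	// An earlier callback already rejected the request: leave it rejected.
	if ( $content_struct instanceof IXR_Error ) {
		return $content_struct;
	}
	// Privileged accounts must publish from the dashboard, not over XML-RPC.
	if ( user_can( $user, 'manage_options' ) ) {
		return new IXR_Error( 403, 'XML-RPC posting is disabled for this account.' );
	}
	// Assumption: wp.newPost-style keys. Hold every post for editorial review.
	if ( is_array( $content_struct ) ) {
		$content_struct['post_status'] = 'pending';
	}
	return $content_struct;
}
```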