=== Remove & Disable XML-RPC Pingback ===
Contributors: cleverplugins, lkoudal
Tags: xmlrpc, xml-rpc, ping, pingback, disable ping, disable xmlrpc, disable pingback, disable xml-rpc
Requires at least: 5.2
Requires PHP: 5.6
Tested up to: 6.3
Stable tag: 1.6
License: GPLv2 or later
License URI: http://www.gnu.org/licenses/gpl-2.0.html

Prevent XML-RPC pingback denial of service (DDOS) attacks by disabling the XML-RPC pingback functionality.

== Description ==

Prevent your WordPress site from participating in, or being a victim of, pingback denial of service attacks. **After activation the plugin automatically disables XML-RPC pingback. There's no need to configure anything.**

By disabling the XML-RPC pingback you'll:
* lower your server CPU usage
* prevent malicious scripts from using your site to run pingback denial of service attacks
* prevent malicious scripts from running denial of service attacks on your site via pingback

From sucuri.net:

> Any WordPress site with Pingback enabled (which is on by default) can be used in DDOS attacks against other sites.

= Learn More =

* [How To Prevent WordPress From Participating In Pingback Denial of Service Attacks](http://wptavern.com/how-to-prevent-wordpress-from-participating-in-pingback-denial-of-service-attacks) - wptavern.com
* [More Than 162,000 WordPress Sites Used for Distributed Denial of Service Attack](http://blog.sucuri.net/2014/03/more-than-162000-wordpress-sites-used-for-distributed-denial-of-service-attack.html) - sucuri.net
* [xmlrpc.php and Pingbacks and Denial of Service Attacks, Oh My!](http://hackguard.com/xmlrpc-php-ping-backs-hackers-denial-service-attacks) - hackguard.com

= Is Your Site Attacking Others? =

Use [Sucuri's WordPress DDOS Scanner](http://labs.sucuri.net/?is-my-wordpress-ddosing) to check if your site is DDOS’ing other websites.

= Why Not Just Disable XMLRPC Altogether? =

Yes, you can choose to do that, but popular plugins such as Jetpack use XML-RPC, and those plugins will stop working if you disable it. That is why this small plugin exists.
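
One way to confirm this on your own site after activation, as an added example (not the plugin's own code): the Python below takes the response headers and a saved `system.listMethods` response from `xmlrpc.php` and reports whether pingback is still advertised while other XML-RPC methods remain. The sample data is constructed, and it assumes a pingback-disabled site no longer lists WordPress core's `pingback.ping` and `pingback.extensions.getPingbacks` methods or sends the `X-Pingback` header.

```python
import xml.etree.ElementTree as ET

# WordPress core's pingback XML-RPC methods (assumed absent once disabled).
PINGBACK_METHODS = {"pingback.ping", "pingback.extensions.getPingbacks"}


def advertised_methods(list_methods_xml):
    """Return the method names in a system.listMethods XML-RPC response."""
    root = ET.fromstring(list_methods_xml)
    if root.tag != "methodResponse" or root.find("fault") is not None:
        raise ValueError("not a successful XML-RPC methodResponse")
    names = set()
    for value in root.iterfind("./params/param/value/array/data/value"):
        string = value.find("string")
        # XML-RPC allows a bare <value>text</value> to mean a string.
        text = string.text if string is not None else value.text
        if text and text.strip():
            names.add(text.strip())
    return names


def audit(headers, list_methods_xml):
    """Summarise pingback exposure from response headers and a method list."""
    methods = advertised_methods(list_methods_xml)
    has_header = "x-pingback" in {name.lower() for name in headers}
    exposed = sorted(methods & PINGBACK_METHODS)
    return {
        "x_pingback_header": has_header,
        "pingback_methods": exposed,
        "other_methods": len(methods - PINGBACK_METHODS),
        "pingback_disabled": not exposed and not has_header,
    }


def _response(names):
    """Build a constructed system.listMethods response for the samples."""
    items = "".join(f"<value><string>{n}</string></value>" for n in names)
    return ("<methodResponse><params><param><value><array><data>"
            f"{items}</data></array></value></param></params></methodResponse>")


# Constructed samples, not captured from a real site.
BEFORE = ({"Content-Type": "text/xml", "X-Pingback": "https://example.test/xmlrpc.php"},
          _response(["system.listMethods", "wp.getUsersBlogs", "pingback.ping",
                     "pingback.extensions.getPingbacks"]))
AFTER = ({"Content-Type": "text/xml"},
         _response(["system.listMethods", "wp.getUsersBlogs"]))

if __name__ == "__main__":
    print("before:", audit(*BEFORE))
    print("after: ", audit(*AFTER))
```

A non-zero `other_methods` count alongside `pingback_disabled: True` is the outcome this section describes: pingback is gone, but XML-RPC is still available to plugins that need it.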

== Installation ==

= Using The WordPress Dashboard =

1. Navigate to 'Add New' in the plugins dashboard
2. Search for 'Remove XMLRPC Pingback Ping'
3. Click 'Install Now'
4. Activate the plugin in the Plugin dashboard

= Uploading in WordPress Dashboard =

1. Navigate to 'Add New' in the plugins dashboard
2. Navigate to the 'Upload' area
3. Select `remove-xmlrpc-pingback-ping.zip` from your computer
4. Click 'Install Now'
5. Activate the plugin in the Plugin dashboard

= Using FTP =

1. Download `remove-xmlrpc-pingback-ping.zip`
2. Extract the `remove-xmlrpc-pingback-ping` directory to your computer
3. Upload the `remove-xmlrpc-pingback-ping` directory to the `/wp-content/plugins/` directory
4. Activate the plugin in the Plugin dashboard

== Screenshots ==

1. Postman: Without the plugin installed
2. Postman: With the plugin installed

== Frequently Asked Questions ==

= Is My Site Attacking Others? =

It could be! Use [Sucuri's WordPress DDOS Scanner](https://labs.sucuri.net/?is-my-wordpress-ddosing) to check if your site is DDOS’ing other websites.

== Changelog ==

= 1.6 =
* 2023/07/24
* Added filter to check for and remove 'X-Pingback' header if necessary.
* Added settings page
* Tested up to WP 6.2

= 1.5 =
* Code hardening.
* Verified compatibility with WP 5.9.3

= 1.4 =
* New: Added a count under "Settings -> General" to see number of blocked attempts.
* Tested up to WP 5.8
* Added newsletter admin notice.
* Code hardening.

= 1.3 =
* 2020/09/21
* Cleaned up code
* Added counter for number of times the pingback method was blocked.
* Tested with WP 5.5.1
* 28,595 downloads

= 1.1 =
* 2019/04/09
* version bump

= 1.0.0 =
* First release

== Upgrade Notice ==

= 1.5 =
Worth the update...