=== Remove XML-RPC Methods ===
Contributors: walterebert
Tags: xml-rpc, xmlrpc, security
Requires at least: 4.6
Tested up to: 7.0
Requires PHP: 5.4.0
Stable tag: 1.4.2
License: GPL-2.0-or-later
License URI: https://spdx.org/licenses/GPL-2.0-or-later.html

Remove all WordPress methods from the XML-RPC API to increase security.

== Description ==

Removes all WordPress methods from the XML-RPC API to increase security. It does more than just using the `xmlrpc_enabled` hook, because that is only used “To disable XML-RPC methods that require authentication”.

Activating this plugin will also disable pingbacks, trackbacks, and Really Simple Discovery (RSD), because these rely on XML-RPC.

It works with any webserver, because it does not use the .htaccess file.

= Testing the plugin =

From the command line you can test if the plugin is working correctly using [curl](https://curl.haxx.se/). Replace the `example.com` link to match your website:

<pre><code>
curl -d '&lt;?xml version="1.0"?&gt;&lt;methodCall&gt;&lt;methodName&gt;system.listMethods&lt;/methodName&gt;&lt;params&gt;&lt;param&gt;&lt;value&gt;&lt;string/&gt;&lt;/value&gt;&lt;/param&gt;&lt;/params&gt;&lt;/methodCall&gt;' https://example.com/xmlrpc.php
</code></pre>

This should only return the following methods:
- `system.multicall`
- `system.listMethods`
- `system.getCapabilities`

== Installation ==

1. Download the plugin and unzip it. Copy the files to the `/wp-content/plugins/wee-remove-xmlrpc-methods` directory
2. Activate the plugin through the 'Plugins' menu in WordPress

== Changelog ==

= 1.4.2 =
* Updated description
* Tested WordPress up to version 7.0.

= 1.4.1 =
* Updated description and tags

= 1.4.0 =
* Tested with PHP 8.0
* Tested WordPress up to version 5.6.

= 1.3.1 =
* Correct description

= 1.3.0 =
* Replace PHP `header` function with `http_response_code`.
* Update readme.txt.
* Raise minimal supported WordPress version to 4.6.
* Tested WordPress up to version 5.5.

= 1.2.0 =
* Replace pings_open action function with built-in function.
* Increase pings_open action priority.
* Raise minimal supported WordPress version to 4.4.
* Tested WordPress up to version 5.4.

= 1.1.0 =
* Deactivate pingbacks on install.
* Remove RSD link reference.
