Title: REST XML-RPC Data Checker
Author: Enrico Sorcinelli
Published: <strong>2018 年 11 月 11 日</strong>
Last modified: 2022 年 8 月 4 日

---

搜索插件

**该插件尚未通过WordPress的最新3个主要版本进行测试**。 当与较新版本的WordPress一起
使用时，可能不再受到维护或支持，并且可能会存在兼容性问题。

![](https://ps.w.org/rest-xmlrpc-data-checker/assets/icon-256x256.png?rev=1973092)

# REST XML-RPC Data Checker

 作者：[Enrico Sorcinelli](https://profiles.wordpress.org/enricosorcinelli/)

[下载](https://downloads.wordpress.org/plugin/rest-xmlrpc-data-checker.1.4.0.zip)

 * [详情](https://cn.wordpress.org/plugins/rest-xmlrpc-data-checker/#description)
 * [评价](https://cn.wordpress.org/plugins/rest-xmlrpc-data-checker/#reviews)
 *  [安装](https://cn.wordpress.org/plugins/rest-xmlrpc-data-checker/#installation)
 * [开发进展](https://cn.wordpress.org/plugins/rest-xmlrpc-data-checker/#developers)

 [支持](https://wordpress.org/support/plugin/rest-xmlrpc-data-checker/)

## 描述

JSON REST API and XML-RPC API are powerful ways to remotely interact with WordPress.

If you don’t have external applications that need to communicate with your WordPress
instance using JSON REST API or XML-RPC API you should disable access to them for
external requests.

In the standard WordPress installation JSON REST API and XML-RPC API are enabled
by default.
 In particular the REST API is turned on also for unlogged users. This
means that your WordPress instance is potentially leaking data, for example anyone
could be able to:

 * copy easily your published contents natively with the REST API (and not with 
   a web crawler);
 * get the list of all users (with their ID, nickname and name);
 * retrieve other information that you didn’t want to be public (such as an unlisted
   published page or a saved media not yet used).

Even if you could do the stuff by writing your own code using native filters, this
plugin aims to help you to control JSON REST API and XML-RPC API accesses from the
administration panel or programmatically by a simple API filter.

### Basic Features

 * **Disable REST API** interface for unlogged users.
 * **Disable JSONP support** on REST API.
 * **Add Basic Authentication** to REST API.
 * **Remove** REST `<link>` tags, REST `Link` HTTP header and REST Really Simple
   Discovery (RSD) informations.
 * **Setup trusted users, IP/Networks and endpoints** for unlogged users REST requests.
 * **Change REST endpoint prefix**.
 * **Disable XML-RPC API** interface.
 * **Remove** `<link>` to the Really Simple Discovery (RDS) informations.
 * **Remove** `X-Pingback` HTTP header.
 * **Setup trusted users, IP/Networks and methods** for XML-RPC requests.
 * **Show user’s access informations** in users list administration screen.

### Usage

Once the plugin is installed you can control settings in the following ways:

 * Using the _Settings->REST XML-RPC Data Checker_ administration screen.
 * Programmatically, by using `rest_xmlrpc_data_checker_settings` filter (see below).

### API

#### Hooks

**`rest_xmlrpc_data_checker_settings`**

Filters plugin settings values.

    ```
    apply_filters( 'rest_xmlrpc_data_checker_settings', array $settings )
    ```

**`rest_xmlrpc_data_checker_admin_settings`**

Filter allowing to display or not the plugin settings page in the administration.

    ```
    apply_filters( 'rest_xmlrpc_data_checker_admin_settings', boolean $display )
    ```

**`rest_xmlrpc_data_checker_rest_error`**

Filter JSON REST authentication error after plugin checks.

    ```
    apply_filters( 'rest_xmlrpc_data_checker_rest_error', WP_Error|boolean $result )
    ```

**`xmlrpc_before_insert_post`**

Filter XML-RPC post data to be inserted via XML-RPC before to insert post into database.

    ```
    apply_filters( 'xmlrpc_before_insert_post', array|IXR_Error $content_struct, WP_User $user )
    ```

## 屏幕截图

[⌊The JSON REST settings section.⌉⌊The JSON REST settings section.⌉[

The JSON REST settings section.

[⌊The XML-RPC settings section.⌉⌊The XML-RPC settings section.⌉[

The XML-RPC settings section.

[⌊The Options settings section.⌉⌊The Options settings section.⌉[

The Options settings section.

[⌊Enable XML-RPC and REST interfaces on user profile/user edit pages (available 
only for users with edit_users capability).⌉⌊Enable XML-RPC and REST interfaces 
on user profile/user edit pages (available only for users with edit_users capability)
.⌉[

Enable XML-RPC and REST interfaces on user profile/user edit pages (available only
for users with `edit_users` capability).

[⌊User list administration screen.⌉⌊User list administration screen.⌉[

User list administration screen.

## 安装

This section describes how to install the plugin and get it working.

 1. Upload the plugin files to the `/wp-content/plugins/rest-xmlrpc-data-checker` directory,
    or install the plugin through the WordPress _Plugins_ screen directly.
 2. Activate the plugin through the _Plugins_ screen in WordPress.

## 常见问题

### Does it work with Gutenberg?

Yes

### Does it work on Multisite?

Yes

### How do I make REST requests using Basic Authentication?

In the _REST_ tab of plugin settings page you have to:

 * check **Disable REST API interface for unlogged users** option
 * select **Use Basic Authentication** in the _Authentication_ section
 * select users whom you want to grant REST access
 * save changes

This way, in HTTP REST external requests, users have to add `Authorization` HTTP
header.

In order to generate the `Authorization` HTTP header to use with Basic Authentication
you simply have to base64 encode the username and password separated by a colon.

Here is an example in PHP:

    ```
    $header = 'Authorization: Basic ' . base64_encode( 'my-user:my-password' );
    ```

[Here you can see several examples](https://gist.github.com/enrico-sorcinelli/d33b6889888e95f710bc50a2090a25cf)
in a variety of language.

Note that the Basic Authentication requires sending your username and password with
every request, and should only be used over SSL-secured connections or for local
development and testing.
 Without SSL you are strongly encouraged to to turn off
Basic Authentication in production environments.

## 评价

![](https://secure.gravatar.com/avatar/4a71fe5d565a3d116bcf0065703d879c19e8926df115143d8a55cbbb0be7a099?
s=60&d=retro&r=g)

### 󠀁[Great, but expandable](https://wordpress.org/support/topic/great-but-expandable/)󠁿

 [Oleg Meglin](https://profiles.wordpress.org/omeglin/) 2023 年 2 月 14 日

This really is a great plugin. The only feature I would love to see is WP-CLI support.

![](https://secure.gravatar.com/avatar/7768737ff2111b2e1f641880360e52a26bc939b307f993cbeabc56b1fc51579d?
s=60&d=retro&r=g)

### 󠀁[Useful plugin](https://wordpress.org/support/topic/useful-plugin-919/)󠁿

 [bro007](https://profiles.wordpress.org/bro007/) 2022 年 11 月 25 日

A very useful plugin that works well. The plugin helped close access to the JSON
REST API for unregistered users, and also nullified attacks on XML-RPC!

![](https://secure.gravatar.com/avatar/6ce09e6d70ecdc00d6e15c4b86365e06cc8a86f7284c53438bd71e0859101680?
s=60&d=retro&r=g)

### 󠀁[Works fine](https://wordpress.org/support/topic/works-fine-1289/)󠁿

 [Envox d.o.o.](https://profiles.wordpress.org/envox/) 2021 年 2 月 24 日

Having more options that I expected (i.e. enable/disable on user level). Thanks 
for nice plugin.

 [ 阅读所有3条评价 ](https://wordpress.org/support/plugin/rest-xmlrpc-data-checker/reviews/)

## 贡献者及开发者

「REST XML-RPC Data Checker」是开源软件。 以下人员对此插件做出了贡献。

贡献者

 *   [ Enrico Sorcinelli ](https://profiles.wordpress.org/enricosorcinelli/)

[帮助将「REST XML-RPC Data Checker」翻译成简体中文。](https://translate.wordpress.org/projects/wp-plugins/rest-xmlrpc-data-checker)

### 对开发感兴趣吗?

您可以[浏览代码](https://plugins.trac.wordpress.org/browser/rest-xmlrpc-data-checker/)，
查看[SVN仓库](https://plugins.svn.wordpress.org/rest-xmlrpc-data-checker/)，或通过
[RSS](https://plugins.trac.wordpress.org/log/rest-xmlrpc-data-checker/?limit=100&mode=stop_on_copy&format=rss)
订阅[开发日志](https://plugins.trac.wordpress.org/log/rest-xmlrpc-data-checker/)。

## 更新日志

For REST XML-RPC Data Checker changelog, please see [the Releases page on GitHub](https://github.com/enrico-sorcinelli/rest-xmlrpc-data-checker/releases).

## 额外信息

 *  版本 **1.4.0**
 *  最后更新：**4 年前**
 *  活跃安装数量 **1,000+**
 *  WordPress 版本 ** 4.4 或更高版本 **
 *  已测试的最高版本为 **6.0.12**
 *  PHP 版本 ** 5.2.4 或更高版本 **
 *  语言
 * [English (US)](https://wordpress.org/plugins/rest-xmlrpc-data-checker/)
 * 标签
 * [api](https://cn.wordpress.org/plugins/tags/api/)[JSON](https://cn.wordpress.org/plugins/tags/json/)
   [rest](https://cn.wordpress.org/plugins/tags/rest/)[security](https://cn.wordpress.org/plugins/tags/security/)
   [xmlrpc](https://cn.wordpress.org/plugins/tags/xmlrpc/)
 *  [高级视图](https://cn.wordpress.org/plugins/rest-xmlrpc-data-checker/advanced/)

## 评级

 5 星（最高 5 星）。

 *  [  3 条 5 星评价     ](https://wordpress.org/support/plugin/rest-xmlrpc-data-checker/reviews/?filter=5)
 *  [  0 条 4 星评价     ](https://wordpress.org/support/plugin/rest-xmlrpc-data-checker/reviews/?filter=4)
 *  [  0 条 3 星评价     ](https://wordpress.org/support/plugin/rest-xmlrpc-data-checker/reviews/?filter=3)
 *  [  0 条 2 星评价     ](https://wordpress.org/support/plugin/rest-xmlrpc-data-checker/reviews/?filter=2)
 *  [  0 条 1 星评价     ](https://wordpress.org/support/plugin/rest-xmlrpc-data-checker/reviews/?filter=1)

[Your review](https://wordpress.org/support/plugin/rest-xmlrpc-data-checker/reviews/#new-post)

[查看全部评论](https://wordpress.org/support/plugin/rest-xmlrpc-data-checker/reviews/)

## 贡献者

 *   [ Enrico Sorcinelli ](https://profiles.wordpress.org/enricosorcinelli/)

## 支持

有话要说吗？是否需要帮助？

 [查看支持论坛](https://wordpress.org/support/plugin/rest-xmlrpc-data-checker/)