Title: Disable XML-RPC – Dashboard Control
Author: aph5
Published: January 24, 2026
Last modified: January 24, 2026

---

# Disable XML-RPC – Dashboard Control

 By [aph5](https://profiles.wordpress.org/aph5/)

[Download](https://downloads.wordpress.org/plugin/xml-rpc-control-dashboard.1.0.1.zip)

## Description

 * XML-RPC Control Dashboard gives WordPress administrators a quick way to toggle
   XML-RPC functionality on and off.
 * On initial installation and activation, XML-RPC is disabled.
 * It displays the current enabled/disabled status in the dashboard, helping users
   avoid leaving access on unnecessarily.
 * It features XML-RPC rate limiting, providing some protection to users while
   XML-RPC is on.
 * Rate limiting is on by default but can be turned off. It is not complete
   protection, however, and we recommend disabling XML-RPC after use.

#### Why Control XML-RPC?

XML-RPC is a WordPress feature that allows remote access to your site. While useful
for legitimate applications like mobile apps and remote publishing, it’s frequently
exploited for:

 * Brute force password attacks
 * DDoS amplification attacks via pingbacks
 * Spam distribution
 * Resource exhaustion

#### Rate Limiting Protection

When enabled, the plugin automatically limits:

 * **Failed Authentication** – Maximum 5 failed login attempts per hour per IP
 * **High-Risk Methods** – Limits on pingback.ping, system.multicall, and other 
   abuse-prone methods
 * **IP Validation** – Prevents IP spoofing by validating addresses and processing
   proxy headers correctly

#### Privacy

This plugin does not collect, store, or transmit any user data outside your WordPress
installation. All rate limiting data is stored temporarily using WordPress transients
and is automatically cleaned up.

### Additional Information

#### Support

For support, feature requests, or bug reports, please visit the plugin’s support
forum.

#### Contributing

Feedback is welcomed.

#### Security

If you discover a security vulnerability, please report it responsibly via the WordPress
security team or directly to the plugin author.

## Screenshots

 * Dashboard widget showing XML-RPC blocked
 * Dashboard widget showing XML-RPC enabled
 * Settings page with enable/disable XML-RPC
 * Settings page with Rate limiting enable/disable

## Installation

 1. Upload the `xml-rpc-control-dashboard` folder to the `/wp-content/plugins/` directory
 2. Activate the plugin through the ‘Plugins’ menu in WordPress
 3. View the dashboard widget on your main admin page or navigate to Settings >
    XML-RPC Control
 4. Toggle XML-RPC on/off as needed and configure rate limiting

## FAQ

### Will this break my mobile app or remote publishing tools?

If you use WordPress mobile apps or remote publishing tools (like blog editors),
you’ll need to keep XML-RPC enabled. The rate limiting feature provides an additional
layer of defense against common automated attacks, though we still recommend disabling
XML-RPC when not actively needed.

### What happens when XML-RPC is disabled?

When disabled, all XML-RPC requests will be blocked. This means:

 * No remote publishing
 * No WordPress mobile app access
 * No pingbacks/trackbacks
 * Jetpack and similar plugins may have reduced functionality

### What is the default state when I activate the plugin?

XML-RPC is blocked by default. If a user unblocks it, then XML-RPC rate limiting
is enabled by default, but can be disabled in settings.

### How does the rate limiting work?

Rate limiting tracks requests per IP address using WordPress transients (temporary
data). It limits failed authentication attempts and high-risk methods to 5 per hour.
This prevents basic automated attacks while allowing normal use.

### Can rate limiting be relied upon?

We don’t recommend users rely on rate limiting to secure their server. Rate limiting
provides basic protection against automated attacks but has known limitations in
high-concurrency scenarios. When XML-RPC is not needed, we recommend disabling it.
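
An added example (not the plugin's own code) of the two mechanisms described here and under "Rate Limiting Protection": a per-IP fixed-window counter for failed logins, and client IP resolution that honours proxy headers only from known proxies. The function names, the `$store` array standing in for WordPress transients, and the proxy list are assumptions.

```php
<?php
// Added example (not the plugin's code); all addresses below are constructed.
const MAX_FAILURES   = 5;     // page: 5 failed logins per hour per IP
const WINDOW_SECONDS = 3600;

// Honour X-Forwarded-For only when the direct peer is a proxy we operate;
// from any other peer the header is client-controlled and is ignored.
function resolve_client_ip(array $server, array $trusted_proxies): ?string {
    $peer = filter_var($server['REMOTE_ADDR'] ?? '', FILTER_VALIDATE_IP);
    if ($peer === false) {
        return null;
    }
    $xff = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    if ($xff === '' || !in_array($peer, $trusted_proxies, true)) {
        return $peer;
    }
    // Walk right to left: the rightmost hops were appended by our own proxies.
    foreach (array_reverse(explode(',', $xff)) as $hop) {
        $ip = filter_var(trim($hop), FILTER_VALIDATE_IP);
        if ($ip === false) {
            return $peer; // malformed chain: fall back to the peer address
        }
        if (!in_array($ip, $trusted_proxies, true)) {
            return $ip;
        }
    }
    return $peer;
}

// Fixed-window counter. $store stands in for get_transient()/set_transient();
// the read-then-write is not atomic, so parallel requests can undercount.
function record_failure(array &$store, string $ip, int $now): bool {
    $key   = 'xmlrpc_fail_' . hash('sha256', $ip);
    $entry = $store[$key] ?? ['count' => 0, 'expires' => 0];
    if ($entry['expires'] <= $now) {
        $entry = ['count' => 0, 'expires' => $now + WINDOW_SECONDS];
    }
    $entry['count']++;
    $store[$key] = $entry;
    return $entry['count'] >= MAX_FAILURES; // true: refuse further attempts
}

// Constructed requests: a direct client sending a different forged header each time.
$proxies = ['10.0.0.5'];
$store   = [];
foreach (range(1, 5) as $n) {
    $ip = resolve_client_ip(['REMOTE_ADDR' => '203.0.113.9', 'HTTP_X_FORWARDED_FOR' => "198.51.100.$n"], $proxies);
    printf("attempt %d: key ip=%s locked=%s\n", $n, $ip, var_export(record_failure($store, $ip, 1000 + $n), true));
}
```

Because the limiter is keyed on the resolved address, every attempt above is counted against the real peer rather than the header value it supplied.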

### Does this plugin work with caching?

Yes, the plugin works with all caching solutions. Rate limiting hooks into WordPress
core authentication and XML-RPC systems, which execute before cached pages are served.

### Is this compatible with Jetpack and similar plugins?

Yes, when XML-RPC is enabled, Jetpack and other plugins that rely on XML-RPC will
continue to function normally. The rate limiting protects against abuse while allowing
legitimate traffic.

## Reviews

There are no reviews for this plugin.

## Contributors & Developers

“Disable XML-RPC – Dashboard Control” is open source software. The following people have contributed to this plugin.

Contributors

 *   [ aph5 ](https://profiles.wordpress.org/aph5/)

[Help translate “Disable XML-RPC – Dashboard Control” into Simplified Chinese.](https://translate.wordpress.org/projects/wp-plugins/xml-rpc-control-dashboard)

### Interested in development?

You can [browse the code](https://plugins.trac.wordpress.org/browser/xml-rpc-control-dashboard/),
check out the [SVN repository](https://plugins.svn.wordpress.org/xml-rpc-control-dashboard/), or subscribe to the
[development log](https://plugins.trac.wordpress.org/log/xml-rpc-control-dashboard/) by
[RSS](https://plugins.trac.wordpress.org/log/xml-rpc-control-dashboard/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

#### 1.0.1

 * Changed plugin name to “Disable XML-RPC – Dashboard Control” for improved search
   visibility
 * No functional changes

#### 1.0.0

 * Initial release
 * Dashboard widget with quick toggle
 * Settings page under Settings > XML-RPC Control
 * Optional rate limiting for failed auth and high-risk methods
 * Secure by default (XML-RPC disabled on activation)

## Additional Details

 *  Version **1.0.1**
 *  Last updated: **5 months ago**
 *  Active installations: **Fewer than 10**
 *  WordPress version: **5.0 or higher**
 *  Tested up to: **6.9.4**
 *  PHP version: **7.4 or higher**
 *  Languages: [English (US)](https://wordpress.org/plugins/xml-rpc-control-dashboard/)
 *  Tags: [dashboard](https://cn.wordpress.org/plugins/tags/dashboard/), [rate limiting](https://cn.wordpress.org/plugins/tags/rate-limiting/),
   [security](https://cn.wordpress.org/plugins/tags/security/), [xmlrpc](https://cn.wordpress.org/plugins/tags/xmlrpc/)
 *  [Advanced View](https://cn.wordpress.org/plugins/xml-rpc-control-dashboard/advanced/)

## Ratings

No reviews have been submitted yet.

[Your review](https://wordpress.org/support/plugin/xml-rpc-control-dashboard/reviews/#new-post)

[See all reviews](https://wordpress.org/support/plugin/xml-rpc-control-dashboard/reviews/)

## Support

Got something to say? Need help?

 [View support forum](https://wordpress.org/support/plugin/xml-rpc-control-dashboard/)