Title: XML-RPC Settings Author: vavkamil Published: अक्टोबर 7, 2021 Last modified: नोभेम्बर 25, 2021 --- प्लगिनहरू खोज्नुहोस् ![](https://ps.w.org/xml-rpc-settings/assets/banner-772x250.png?rev=2611192) यो प्लगिन **वर्डप्रेसका ३ प्रमुख नवीनतम रिलीजहरूसँग परीक्षण गरिएको छैन**। यो अब सम्भवतः व्यवस्थित वा समर्थन नभएको हुन सक्छ र वर्डप्रेसका नयाँ संस्करणहरूमा प्रयोग गर्दा अनुकूलता सम्बन्धी समस्या हुन सक्छ। ![](https://ps.w.org/xml-rpc-settings/assets/icon-256x256.png?rev=2611192) # XML-RPC Settings [vavkamil](https://profiles.wordpress.org/vavkamil/) द्वारा [डाउनलोड गर्नुहोस्](https://downloads.wordpress.org/plugin/xml-rpc-settings.zip) * [विवरण](https://ne.wordpress.org/plugins/xml-rpc-settings/#description) * [समीक्षाहरू](https://ne.wordpress.org/plugins/xml-rpc-settings/#reviews) * [स्थापना](https://ne.wordpress.org/plugins/xml-rpc-settings/#installation) * [विकास](https://ne.wordpress.org/plugins/xml-rpc-settings/#developers) [सहायता](https://wordpress.org/support/plugin/xml-rpc-settings/) ## विवरण ### XML-RPC Settings Configure XML-RPC methods to increase the security of your website: #### Build-in features could be used for malicious purposes and cannot be disabled by default. * Disable GET access - XML-RPC API only responds to POST requests. Direct GET access is not needed and can be used to fingerprint websites and use them as XML-RPC zombies in later attacks. * Disable system.multicall - system.multicall method can be misused for amplification attacks. * Disable system.listMethods - system.listMethods method can be used for verifying attack scope. #### Prevent malicious actors from enumerating usernames and credentials. * Disable authenticated methods - Methods requiring authentication, such as wp.getUsersBlogs, are often used to brute-force your passwords. #### Pingbacks are a helpful feature to discover back-links to your posts but can be misused for DDoS attacks or allow fingerprinting your WP version. * Disable pingbacks - Pingbacks are generally safe, but are often used for DDoS attacks via system. multicall. * Remove X-Pingback header - If you decide to disable pingbacks, it’s a good practice to remove the X-Pingback header return by your posts. * Hide WordPress version when verifying pingbacks - Pingbacks’ user-agent can reveal your exact WordPress version, even when hidden by other plugins. * Hide WordPress version when sending pingbacks - Pingbacks’ user-agent can reveal your exact WordPress version, even when hidden by other plugins. #### Unnecessary XML-RPC API, leave enabled if you are not sure. * Disable Demo API - Remove demo.sayHello and demo.addTwoNumbers methods, as they are not needed. * Disable Blogger API - WordPress supports the Blogger XML-RPC API methods. * Disable MetaWeblog API - WordPress supports the metaWeblog XML-RPC API. * Disable MovableType API - WordPress supports the MovableType XML-RPC API. #### If you are using some integrations or WP mobile applications, it might be a good idea to allow XML-RPC only to specific IPs. * Allow XML-RPC only for - IP comma separated eg. 192.168.10.242, 192.168.10.241 #### It is possible to hide a message between the allowed methods when system.listMethods is called (not recommended). * Add message to XML-RPC methods - We are hiring! Check jobs.yourdomains.com ## स्क्रिनसटहरू * [[ * The settings page is highly configurable, with a deep set of options available for each feature. ## स्थापना Secure your website using the following steps to install XML-RPC Settings: 1. Install XML-RPC Settings automatically or by uploading the ZIP file. 2. Activate the XML-RPC Settings through the ‘Plugins’ menu in WordPress. XML-RPC Settings is now activated. 3. Go to the Settings >> XML-RPC Settings and configure the plugin based on your needs. ## प्रश्नोत्तर ### How does XML-RPC Settings protect sites from attackers? The XML-RPC Settings plugin allows you to configure XML-RPC methods to increase the security of your website. For example, you can easily disable Pingback methods, which might be misused by attacks to launch DDoS attacks. ## समीक्षाहरू यस प्लगिनको लागि कुनै समीक्षाहरू छैनन्। ## योगदानकर्ता र डेभलपरहरू “XML-RPC Settings” खुला स्रोत सफ्टवेयर हो। निम्न व्यक्तिहरूले यो प्लगिनमा योगदान गरेका छन्। योगदानकर्ताहरू * [ vavkamil ](https://profiles.wordpress.org/vavkamil/) [“XML-RPC Settings” लाई आफ्नो भाषामा अनुवाद गर्नुहोस्](https://translate.wordpress.org/projects/wp-plugins/xml-rpc-settings) ### विकासमा रुचि छ? [आरएसएस](https://plugins.trac.wordpress.org/log/xml-rpc-settings/?limit=100&mode=stop_on_copy&format=rss) द्वारा [कोड ब्राउज गर्नुहोस्](https://plugins.trac.wordpress.org/browser/xml-rpc-settings/), [एसभीएन रिपजिटरी](https://plugins.svn.wordpress.org/xml-rpc-settings/) हेर्नुहोस्, वा [विकास लग](https://plugins.trac.wordpress.org/log/xml-rpc-settings/) को सदस्यता लिनुहोस्। ## चेन्जलग #### 1.2.1 – October 05, 2021 * Fix callback function to register settings #### 1.2 – October 05, 2021 * Add `xmlrpc_settings_` prefix to function names to be unique #### 1.1 – October 03, 2021 * Updated readme.txt and fixed grammar #### 1.0 * An initial release ## मेटा * संस्करण **1.2.1** * पछिल्लो अपडेट **4 वर्ष अघि** * सक्रिय स्थापना **30+** * वर्डप्रेस संस्करण ** 3.9 वा उच्च ** * जाँच गरिएको **5.8.13** * PHP संस्करण ** 5.3 वा उच्च ** * भाषा * [English (US)](https://wordpress.org/plugins/xml-rpc-settings/) * ट्यागहरू * [Brute Force](https://ne.wordpress.org/plugins/tags/brute-force/)[ddos](https://ne.wordpress.org/plugins/tags/ddos/) [security](https://ne.wordpress.org/plugins/tags/security/)[xmlrpc](https://ne.wordpress.org/plugins/tags/xmlrpc/) * [उन्नत दृश्य](https://ne.wordpress.org/plugins/xml-rpc-settings/advanced/) ## रेटिङ्गहरू अहिलेसम्म कुनै समीक्षा पेस गरिएको छैन। [Your review](https://wordpress.org/support/plugin/xml-rpc-settings/reviews/#new-post) [See all reviews](https://wordpress.org/support/plugin/xml-rpc-settings/reviews/) ## योगदानकर्ताहरू * [ vavkamil ](https://profiles.wordpress.org/vavkamil/) ## सहायता केही भन्नु छ? सहयोग चाहियो? [सहायता फोरम हेर्नुहोस्](https://wordpress.org/support/plugin/xml-rpc-settings/)