How to remove xmlrpc from wordpress headers

If you don’t need xmlrpc in your wordpress, you can disable it at various places like http x-pingback header, html meta tags, etc. Here are quick instructions to do it. This will require you to have a custom plugin for your wordpress site where you can add some php code.

Remove X-Pingback http header

This is how x-pingback header appears by default in wordpress posts and other pages:
http x-pingback header
To disable it add the following code to your custom wordpress header:

add_filter('wp_headers', function($headers, $wp_query){
  if (array_key_exists('X-Pingback', $headers)) {
  return $headers;
}, 11, 2);

Remove rel=”pingback” meta tag

This is how rel=”pingback” tag looks like in wordpress post html:
wordpress link rel pingback
To disable this, you can use the following code snippet in site custom wordpress plugin:

add_filter('bloginfo_url', function($output, $property){
  error_log("====property=" . $property);
  return ($property == 'pingback_url') ? null : $output;
}, 11, 2);

Remove EditUri meta tag

By default wordpress posts also contains xpmrpc.php in EditUri meta tag as shown below:
wordpress-link rel edituri
To remove meta tag for EditUrl, you can use the following plugin code snipper:

add_action('wp', function(){
    remove_action('wp_head', 'rsd_link');
}, 11);

Note that we have used priority=11 as default wordpress priority is 10 and we want to execute our custom code in the end of default plugins and filters.

Share this article: share on Google+ share on facebook share on linkedin tweet this submit to reddit


Click here to write/view comments