How to disable pingback and xmlrpc advertising

13 March 2014 by Lincoln Ramsay

I don’t know if wordpress sites respond to ping backs if you turn the checkbox off but… can’t hurt to force it off anyway, right?

So I took the instructions here but I changed one thing. I can’t just turn off xmlrpc altogether because I use the wordpress mobile app. But all the rest is good. This turns off the advertising (headers and such, references to xmlrpc.php that end up in your pages) as well as forcibly blocking any ping requests. The mobile app still works. Maybe other things don’t but… I don’t use them.

Make a directory under wp-content/plugins and a .php file to put the following into. You then have to enable the plugin from the dashboard.

<?php
/*
Plugin Name: [RPC] XMLRPCless Blog
Plugin URI: http://earnestodev.com/
Description: Disable XMLRPC advertising/functionality blog-wide.
Version: 0.0.7
Author: EarnestoDev
Author URI: http://earnestodev.com/
*/
// Disable X-Pingback HTTP Header.
add_filter('wp_headers', function($headers, $wp_query){
    if(isset($headers['X-Pingback'])){
        // Drop X-Pingback
        unset($headers['X-Pingback']);
    }
    return $headers;
}, 11, 2);
// Remove rsd_link from filters (<link rel="EditURI" />).
add_action('wp', function(){
    remove_action('wp_head', 'rsd_link');
}, 9);
// Hijack pingback_url for get_bloginfo (<link rel="pingback" />).
add_filter('bloginfo_url', function($output, $property){
    return ($property == 'pingback_url') ? null : $output;
}, 11, 2);
// Just disable pingback.ping functionality while leaving XMLRPC intact?
add_action('xmlrpc_call', function($method){
    if($method == 'pingback.ping'
    || $method == 'pingback.extensions.getPingbacks') 
        wp_die(
        'Pingback functionality is disabled on this Blog.',
        'Pingback Disabled!',
        array('response' => 403) 
        );
});
?>

Update: I added pingback.extensions.getPingbacks because I’ve seen it in other ping-blocking plugins.