Title: XMLRPC Lockdown by AO Digital Author: aodigitalau Published: January 12, 2024 Last modified: December 10, 2024 --- Search plugins ![](https://s.w.org/plugins/geopattern-icon/xmlrpc-lockdown.svg) # XMLRPC Lockdown by AO Digital By [aodigitalau](https://profiles.wordpress.org/aodigitalau/) [Download](https://downloads.wordpress.org/plugin/xmlrpc-lockdown.2.0.zip) * [Details](https://li.wordpress.org/plugins/xmlrpc-lockdown/#description) * [Reviews](https://li.wordpress.org/plugins/xmlrpc-lockdown/#reviews) * [Installation](https://li.wordpress.org/plugins/xmlrpc-lockdown/#installation) * [Development](https://li.wordpress.org/plugins/xmlrpc-lockdown/#developers) [Support](https://wordpress.org/support/plugin/xmlrpc-lockdown/) ## Description XMLRPC Lockdown by AO Digital is an advanced security plugin for WordPress. It blocks access to `xmlrpc.php` for all requests except those explicitly allowed, such as requests from Jetpack, the WordPress mobile app, and other specified services. With the latest enhancements, users can customize the list of allowed services and create custom allowances for specific IPs, URLs, or referrers directly from the WordPress admin dashboard. **Key Features:** – Blocks unauthorized access to `xmlrpc.php`, enhancing WordPress security. – Allows specific services like Jetpack and the WordPress mobile app to work seamlessly. – New settings page for managing allowed plugins and custom allowances.– AJAX-powered options saving for a smooth user experience. – Fully compatible with PHP 8.0+ and tested up to WordPress 6.7.2. Whether you’re looking to secure your site or fine-tune `xmlrpc.php` access, XMLRPC Lockdown by AO Digital offers a robust, user-friendly solution. ### Support For assistance with XMLRPC Lockdown by AO Digital, please visit [AO Digital Support](http://aodigital.com.au) or email us at support@aodigital.com.au. ## Installation 1. Download the latest version of the plugin from the WordPress plugin repository. 2. Upload the entire `xmlrpc-lockdown` folder to the `/wp-content/plugins/` directory of your WordPress site. 3. Log in to your WordPress dashboard and navigate to the “Plugins” page. 4. Locate **XMLRPC Lockdown by AO Digital** in the list and click “Activate”. ## FAQ ### How does the plugin work? The plugin blocks all requests to `xmlrpc.php` by default, except for those from user-specified plugins and custom allowances defined via the admin settings. ### Can I add custom IPs, URLs, or referrers? Yes, the settings page includes a “Custom Allowances” section where you can whitelist specific IPs, URLs, or referrers. ### Is the plugin compatible with Jetpack and the WordPress mobile app? Yes, Jetpack and the WordPress mobile app are preconfigured as allowed plugins. You can manage this in the settings page. ### What are the system requirements? The plugin requires PHP 8.0 or later and is tested with WordPress version 6.7.2. ## Reviews ![](https://secure.gravatar.com/avatar/0b1d9499d4993c0388e5e0abba141851ee8049e29931b67c2b30b587b31e417f? s=60&d=retro&r=g) ### 󠀁[Does what it says!](https://wordpress.org/support/topic/does-what-it-says-1169/)󠁿 [ac1ionm4n](https://profiles.wordpress.org/ac1ionm4n/) January 16, 2024 Exactly as advertised, simple and lightweight. [ Read all 1 review ](https://wordpress.org/support/plugin/xmlrpc-lockdown/reviews/) ## Contributors & Developers “XMLRPC Lockdown by AO Digital” is open source software. The following people have contributed to this plugin. Contributors * [ aodigitalau ](https://profiles.wordpress.org/aodigitalau/) [Translate “XMLRPC Lockdown by AO Digital” into your language.](https://translate.wordpress.org/projects/wp-plugins/xmlrpc-lockdown) ### Interested in development? [Browse the code](https://plugins.trac.wordpress.org/browser/xmlrpc-lockdown/), check out the [SVN repository](https://plugins.svn.wordpress.org/xmlrpc-lockdown/), or subscribe to the [development log](https://plugins.trac.wordpress.org/log/xmlrpc-lockdown/) by [RSS](https://plugins.trac.wordpress.org/log/xmlrpc-lockdown/?limit=100&mode=stop_on_copy&format=rss). ## Changelog #### 2.0 * Overhauled plugin to include an admin settings page. * Added support for custom allowances (IPs, URLs, referrers). * Improved compatibility with PHP 8.0+. * Enhanced AJAX-powered saving for a seamless experience. * Updated blocking logic for better performance and flexibility. #### 1.1 * Initial version. ## Meta * Version **2.0** * Last updated **1 year ago** * Active installations **80+** * Tested up to **6.7.5** * PHP version ** 8.0 or higher ** * Language * [English (US)](https://wordpress.org/plugins/xmlrpc-lockdown/) * Tags * [jetpack](https://li.wordpress.org/plugins/tags/jetpack/)[Mobile App](https://li.wordpress.org/plugins/tags/mobile-app/) [security](https://li.wordpress.org/plugins/tags/security/)[WordPress](https://li.wordpress.org/plugins/tags/wordpress/) [xmlrpc](https://li.wordpress.org/plugins/tags/xmlrpc/) * [Advanced View](https://li.wordpress.org/plugins/xmlrpc-lockdown/advanced/) ## Ratings 5 out of 5 stars. * [ 1 5-star review ](https://wordpress.org/support/plugin/xmlrpc-lockdown/reviews/?filter=5) * [ 0 4-star reviews ](https://wordpress.org/support/plugin/xmlrpc-lockdown/reviews/?filter=4) * [ 0 3-star reviews ](https://wordpress.org/support/plugin/xmlrpc-lockdown/reviews/?filter=3) * [ 0 2-star reviews ](https://wordpress.org/support/plugin/xmlrpc-lockdown/reviews/?filter=2) * [ 0 1-star reviews ](https://wordpress.org/support/plugin/xmlrpc-lockdown/reviews/?filter=1) [Your review](https://wordpress.org/support/plugin/xmlrpc-lockdown/reviews/#new-post) [See all reviews](https://wordpress.org/support/plugin/xmlrpc-lockdown/reviews/) ## Contributors * [ aodigitalau ](https://profiles.wordpress.org/aodigitalau/) ## Support Got something to say? Need help? [View support forum](https://wordpress.org/support/plugin/xmlrpc-lockdown/)