[wp-trac] [WordPress Trac] #36055: Filter xmlrpc_enabled only partly works

WordPress Trac noreply at wordpress.org
Fri Mar 4 08:17:35 UTC 2016

#36055: Filter xmlrpc_enabled only partly works
 Reporter:  markoheijnen  |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  4.5
Component:  XML-RPC       |     Version:  2.9
 Severity:  normal        |  Resolution:
 Keywords:  has-patch     |     Focuses:

Comment (by mensmaximus):

 Replying to [comment:12 dd32]:

 > We can't change the behaviour of that filter now to also block
 pingbacks. What we could do instead is add a new way to completely remove
 XML-RPC all together, but I'm not sure of the intentions behind that (as
 this ticket doesn't have any context as to where it came from).

 The request came originally from me. I contacted @markoheijnen on slack
 due to the nature of the issue I discovered. As you already said in an
 other comment this filter is named badly and users get a bad idea fro what
 it is doing. The main reason behind it is to have an option do "really"
 disable/switch off/remove XML-RPC if a customer does not need it. This has
 different reasons like security, philosophy and architectural design (take
 the one you like most).

 My suggestion was to filter the server_request:
 public function serve_request() {
         $enabled = apply_filters( 'xmlrpc_enabled', true );
         if ( $enabled ) {

 I understand your concern about the history of the filter and the backward
 compatibility. Creating a new filter instead would be reasonable.

Ticket URL: <https://core.trac.wordpress.org/ticket/36055#comment:16>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list