After the holiday weekend, one of the larger sites I manage had a brute force attack on it. The attacker was attempting to use the wp.getUsersBlogs function and a list of popular usernames and passwords. A quick bit of research shows me that after a successful attempt this function will return whether or not the … Read more
In a theme I’m developing, I need to link to the source post when the post has been stored using XMLRPC. That implies that every time WordPress asks for a permalink (using get_permalink()) the theme will return a previously saved link. That’s accomplished by adding a new filter: add_action(‘the_permalink’, ‘filterPermalink’); function filterPermalink($url) { $permalink = … Read more
I have a service that puts a daily post to my blog via XML-RPC. It doesn’t offer me any control of what category it goes into so I want to just add a filter/hook to add the category I want into the incoming post data: add_action (‘xmlrpc_call’, ‘check_xmlrpc_call’ ); function check_xmlrpc_call( $method ) { if( … Read more
I have been trying to add WordPress posts by XMLRPC calls. The code is working but the tags and categories are not setting. I have tried almost every solution provided in every forum. PS: I am getting a few of the variables from another application — that part is working correctly. <?php include(“lib/xmlrpc.inc”); $function_name = … Read more
According to old post: How to secure WordPress XMLRPC?, every API require authentication. So, what is the point of adding X-Pingback in every public request? curl -I http://ma.tt .. X-Pingback: http://ma.tt/blog/xmlrpc.php Content-Type: text/html; charset=UTF-8 .. 1 Answer 1 I think that when talking about XMLRPC in the context of wordpress you usually mean to talk … Read more
I have taken over a website where I work that was developed by a previous employee, it seems that recently this site has been the victim of a string of DDoS attacks through the use of the xmlrpc pingback proven by log entries like this: 154.16.63.40 – – [22/May/2016:06:52:49 +0100] “POST /xmlrpc.php HTTP/1.1” 200 596 … Read more
I need to add custom methods to the Xml-Rpc file and have found the following: // Custom plugins add_filter(‘xmlrpc_methods’, ‘custom_xmlrpc_methods’); function custom_xmlrpc_methods($methods) { $methods[‘myMethod’] = ‘my_function’; return $methods; } Questions: Is it possible to have the callback function in another file and if yes then how do you do that in the code? If I … Read more
I’m working with a custom XML-RPC method to capture some information for a plugin I am building. When activated the user has to authenticate themselves by entering there user/password given to them when purchasing the plugin on my WP site. The plugin uses this code: if ( isset( $_POST[‘username’] ) && isset( $_POST[‘password’] ) ) … Read more
So now that it is possible to work with Custom Post Types over XML-RPC, has anyone figured out a way to set the post type for all items coming in via XLM-RPC to a default post type? IFTTT has a WordPress action that lets you create a photo post via XML-RPC. Both are coming through … Read more
Because there are a lot of attacks lately on xmlrpc.php, I want to block access to this file or disable it. I am aware some remote updating functions won’t work (like the mobile app) but that doesn’t matter in my case. However, I want to be sure the updating services (like pinging Pingomatic) are not … Read more
