What Is XML-RPC For WordPress?

  • With WordPress XML-RPC support, you can post to your WordPress blog using many popular Weblog Clients. The XML-RPC system can be extended by WordPress Plugins to modify its behavior.
  • XML-RPC is a remote procedure call (RPC) protocol which uses XML to encode its calls and HTTP as a transport mechanism.[1] “XML-RPC” also refers generically to the use of XML for remote procedure call, independently of the specific protocol. This article is about the protocol called “XML-RPC”.
  • Using extended markup-up language, it is possible to remotely control WordPress with other software. In this case, one WordPress XML-RPC talks to the other and inserts a comment that you cited their blog.
  • XML-RPC Chart Flow

Using Pingback/Trackback with trusted peers

If you and others within the same topic(s) whitelist each other, all your backlinks from them and from you build highly relevant hyperlinks. Only do this with domains you trust. Do NOT do this with your own collection of domains just for the sake of link farming. It will be ok if the pingbacks do not seem spammy. Use wise judgement.

Step 1: Block Access To WordPress XML-RPC For Everyone

Use this inside your apache virtual host conf file or .htaccess file.

Use the allow statements toward the end for additional domains to whitelist. The top of my lists includes known jetpack ip addresses at the time of my research. Your domain should not be in here. Line 1 takes care of allowing your domain to use xml-rpc pingbacks / trackbacks.

Step 2: Copy .htaccess rules to other domain

Have that domain ADD your domain with an allow rule. This sets up a two-way avenue for both domains to cite articles from one another.

Article Resources:


  1. XML-RPC WordPress API
  2. Twitter Conversation w/ DynDNS.org
  3. Wikipedia – XML-RPC

1 thought on “WordPress XML-RPC Better Security – PingBacks And Trackbacks”

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.