Stop Devastating WordPress Brute Force Attacks

Shield your site from XML-RPC exploits that bypass normal security—maintain full Jetpack/app compatibility while blocking dangerous threats.

Built by veteran WordPress engineers, XML-RPC Guardian delivers enterprise-grade protection without breaking the features you depend on.

🔒 Why Website Owners Choose XML-RPC Guardian

• Bulletproof Brute Force Protection: Automatically blocks XML-RPC login attacks and massive password guessing that defeat normal security plugins
• Never Break Jetpack or Mobile Apps: Intelligent filters keep everything running—only attackers are stopped
• Real-Time Monitoring: Instantly see blocked threats and security events from your dashboard
• No Technical Setup Needed: Activate and get industry-grade protection out-of-the-box
• Compliant & Lightweight: Clean code, no bloat, ready for the latest WordPress + PHP
• Peace of Mind: Designed and supported from Canada by experts with 10+ years in WordPress security

✅ Perfect For

• Business, community, or client WordPress sites
• Sites tired of unexplained lockouts or crash reports from XML-RPC
• Users who demand security and full compatibility (Jetpack, Automattic, apps)

❓ Frequently Asked Questions

Q: Will Jetpack or mobile apps break?
A: No! Unlike "disable XML-RPC" plugins, Guardian keeps legit integrations working.

Q: What's required?
A: WordPress 5.8+; PHP 7.4+; No coding skills needed.

Q: How do I install?
A: Upload, activate, receive instant protection.

🚀 Ready to secure your site?
Get XML-RPC Guardian and say goodbye to brute force threats for good.

Enterprise-Grade Security Features

• Advanced Method Filtering: Blocks pingback.ping, system.multicall, and other high-risk methods.
• IP Access Control: Allowlist and blocklist with IPv4/IPv6 CIDR support and proxy awareness.
• Rate Limiting Protection: Per-IP throttling (10–1000 requests per 60–3600s) with retry-after headers.
• Application Password Enforcement: Forces use of WordPress application passwords for XML-RPC.
• Real-time Monitoring: Detailed security logging of blocked requests and events.

Three Security Modes

1. Default Mode: Safe removals only—blocks high-risk methods, allows others.
2. Allowlist Mode: Strict—only specified methods permitted.
3. Blocklist Mode: Flexible—only specified methods blocked.

Why Choose XML-RPC Guardian?

• ✅ Jetpack Compatibility – Maintains full Jetpack functionality.
• ✅ Mobile App Support – Pre-configured profiles for WordPress mobile apps.
• ✅ Zero Configuration – Secure defaults out of the box.
• ✅ Professional Logging – Detailed logs for compliance.
• ✅ Expert Support – Comprehensive documentation and updates.

Feature List

🔒 Core Security Protection

• Pingback.ping & getPingbacks removal
• system.multicall brute force mitigation
• Real-time XML-RPC method filtering
• Configurable demo/test method blocking
• Application Password enforcement

⚙️ Flexible Configuration Options

• Three security modes: Default, Allowlist, Blocklist
• Custom allowlist/blocklist method lists
• IP allowlisting/denylisting with CIDR
• Per-IP rate limiting & time window control
• Automatic cleanup via WordPress transients

🔄 Smart Compatibility Features

• Automatic Jetpack detection & method preservation
• Pre-configured mobile app profiles (wp., metaWeblog, blogger)
• Proxy-header awareness (X-Forwarded-For, Cloudflare)
• Non-destructive updates
• WordPress hook & filter integration

📊 Monitoring & Management

• Block event logging with PHP error log integration
• Admin interface under Settings → XML-RPC Guardian
• Visual status badge
• Graceful error handling & proper HTTP status codes
• Optimized algorithms for minimal overhead

🌐 Professional Features

• Full internationalization support with POT file
• Object-oriented code architecture
• Comprehensive README, inline help, user tips
• Security best practices: sanitization, capability checks
• Uninstall hook cleans all settings & data

WordPress Versions

• Minimum: 5.8+
• Tested: 6.0, 6.1, 6.2, 6.3, 6.4, 6.6, 6.8, 6.8.2
• Future: Compatible with upcoming releases

PHP Versions

• Minimum: 7.4
• Recommended: 8.0+
• Tested: 7.4, 8.0, 8.1, 8.2, 8.3

🚀 Quick Start

Installation

1. Upload the plugin files to /wp-content/plugins/xmlrpc-guardian/
2. Activate the plugin through the 'Plugins' menu in WordPress
3. Configure settings under Settings → XML-RPC Guardian