Filters whether XML-RPC methods requiring authentication are enabled.


apply_filters( 'xmlrpc_enabled', (bool) $enabled ); 

Contrary to the way it's named, this filter does not control whether XML-RPC is *fully* enabled, rather, it only controls whether XML-RPC methods requiring authentication - such as for publishing purposes - are enabled.

Further, the filter does not control whether pingbacks or other custom endpoints that don't require authentication are enabled. This behavior is expected, and due to how parity was matched with the enable_xmlrpc UI option the filter replaced when it was introduced in 3.5.

To disable XML-RPC methods that require authentication, use:

For more granular control over all XML-RPC methods and requests, see the and hooks.

Parameters (1)

0. $enabled (bool)
Whether XML-RPC is enabled. Default true.


To run the hook, copy the example below.
  1. $enabled = apply_filters( 'xmlrpc_enabled', $enabled ); 
  3. if ( !empty( $enabled ) ) { 
  5. // everything has led up to this point... 
The following example is for adding a hook callback.
  1. // define the xmlrpc_enabled callback 
  2. function filter_xmlrpc_enabled( $enabled ) { 
  3. // make filter magic happen here... 
  4. return $enabled
  5. }; 
  7. // add the filter 
  8. add_filter( 'xmlrpc_enabled', 'filter_xmlrpc_enabled', 10, 1 ); 
To remove a hook callback, use the example below.
  1. // remove the filter 
  2. remove_filter( 'xmlrpc_enabled', 'filter_xmlrpc_enabled', 10, 1 ); 

Defined (1)

The filter is defined in the following location(s).

  1. $enabled = apply_filters( 'xmlrpc_enabled', $enabled );