Есть ли способ полностью отключить Pingbacks / Trackbacks?

Существует опция отключения трекбэков / pingbacks в разделе « Settings > Discussion .

Но я хотел бы удалить заголовок X-Pingback WordPress и полностью удалить конечную точку trackback .

Есть ли способ сделать это?

Solutions Collecting From Web of "Есть ли способ полностью отключить Pingbacks / Trackbacks?"

 <?php /* Plugin Name: [RPC] XMLRPCless Blog Plugin URI: http://earnestodev.com/ Description: Disable XMLRPC advertising/functionality blog-wide. Version: 0.0.7 Author: EarnestoDev Author URI: http://earnestodev.com/ */ // Disable X-Pingback HTTP Header. add_filter('wp_headers', function($headers, $wp_query){ if(isset($headers['X-Pingback'])){ // Drop X-Pingback unset($headers['X-Pingback']); } return $headers; }, 11, 2); // Disable XMLRPC by hijacking and blocking the option. add_filter('pre_option_enable_xmlrpc', function($state){ return '0'; // return $state; // To leave XMLRPC intact and drop just Pingback }); // Remove rsd_link from filters (<link rel="EditURI" />). add_action('wp', function(){ remove_action('wp_head', 'rsd_link'); }, 9); // Hijack pingback_url for get_bloginfo (<link rel="pingback" />). add_filter('bloginfo_url', function($output, $property){ return ($property == 'pingback_url') ? null : $output; }, 11, 2); // Just disable pingback.ping functionality while leaving XMLRPC intact? add_action('xmlrpc_call', function($method){ if($method != 'pingback.ping') return; wp_die( 'Pingback functionality is disabled on this Blog.', 'Pingback Disabled!', array('response' => 403) ); }); ?> не <?php /* Plugin Name: [RPC] XMLRPCless Blog Plugin URI: http://earnestodev.com/ Description: Disable XMLRPC advertising/functionality blog-wide. Version: 0.0.7 Author: EarnestoDev Author URI: http://earnestodev.com/ */ // Disable X-Pingback HTTP Header. add_filter('wp_headers', function($headers, $wp_query){ if(isset($headers['X-Pingback'])){ // Drop X-Pingback unset($headers['X-Pingback']); } return $headers; }, 11, 2); // Disable XMLRPC by hijacking and blocking the option. add_filter('pre_option_enable_xmlrpc', function($state){ return '0'; // return $state; // To leave XMLRPC intact and drop just Pingback }); // Remove rsd_link from filters (<link rel="EditURI" />). add_action('wp', function(){ remove_action('wp_head', 'rsd_link'); }, 9); // Hijack pingback_url for get_bloginfo (<link rel="pingback" />). add_filter('bloginfo_url', function($output, $property){ return ($property == 'pingback_url') ? null : $output; }, 11, 2); // Just disable pingback.ping functionality while leaving XMLRPC intact? add_action('xmlrpc_call', function($method){ if($method != 'pingback.ping') return; wp_die( 'Pingback functionality is disabled on this Blog.', 'Pingback Disabled!', array('response' => 403) ); }); ?> 

Используйте это для плагина в / wp-content / plugins или / wp-content / mu-plugins (для автоматической активации) . Или functions.php .

Забавно, что я продаю библиотеку WordPress Remote Publishing и дал вам код для отключения XMLRPC 🙂 Плохо для репутации.

@EarnestoDev получил отличный ответ , но теперь он немного устарел после недавних эксплойтов xml-rcp .

Я сделал обновленную версию, которая, как мне кажется, блокирует все возможные возможности доступа к ней. Обратите внимание, что есть несколько плагинов, которые используют функциональность pingback / trackback XML-RPC и могут иметь проблемы, если вы их используете:

  • WordPress Mobile App
  • JetPack LibSyn (для подкастов)
  • Некоторые части BuddyPress
  • Windows Live Writer
  • IFTTT
  • Несколько плагинов галереи

Ниже приведена обновленная версия. Чтобы загрузить его, вы можете скопировать его в файл плагина, заглянуть в mu-plugins или загрузить его на github :

 <?php /* Plugin Name: BYE BYE Pingback Plugin URI: https://github.com/Wordpress-Development/bye-bye-pingback/ Description: Banishment of wordpress pingback Version: 1.0.0 Author: bryanwillis Author URI: https://github.com/bryanwillis/ */ // If this file is called directly, abort. if ( ! defined( 'WPINC' ) ) { die; } /** * Htaccess directive block xmlrcp for extra security. * Here are some rewrite examples: * 404 - RewriteRule xmlrpc\.php$ - [R=404,L] * 301 - RewriteRule ^xmlrpc\.php$ index.php [R=301] * If you want custom 404 make sure your server is finding it by also adding this 'ErrorDocument 404 /index.php?error=404' or 'ErrorDocument 404 /wordpress/index.php?error=404' for sites in subdirectory. */ add_filter('mod_rewrite_rules', 'noxmlrpc_mod_rewrite_rules'); // should we put this inside wp_loaded or activation hook function noxmlrpc_mod_rewrite_rules($rules) { $insert = "RewriteRule xmlrpc\.php$ - [F,L]"; $rules = preg_replace('!RewriteRule!', "$insert\n\nRewriteRule", $rules, 1); return $rules; } register_activation_hook(__FILE__, 'noxmlrpc_htaccess_activate'); function noxmlrpc_htaccess_activate() { flush_rewrite_rules(true); } register_deactivation_hook(__FILE__, 'noxmlrpc_htaccess_deactivate'); function noxmlrpc_htaccess_deactivate() { remove_filter('mod_rewrite_rules', 'noxmlrpc_mod_rewrite_rules'); flush_rewrite_rules(true); } // Remove rsd_link from filters- link rel="EditURI" add_action('wp', function(){ remove_action('wp_head', 'rsd_link'); }, 9); // Remove pingback from head (link rel="pingback") if (!is_admin()) { function link_rel_buffer_callback($buffer) { $buffer = preg_replace('/(<link.*?rel=("|\')pingback("|\').*?href=("|\')(.*?)("|\')(.*?)?\/?>|<link.*?href=("|\')(.*?)("|\').*?rel=("|\')pingback("|\')(.*?)?\/?>)/i', '', $buffer); return $buffer; } function link_rel_buffer_start() { ob_start("link_rel_buffer_callback"); } function link_rel_buffer_end() { ob_flush(); } add_action('template_redirect', 'link_rel_buffer_start', -1); add_action('get_header', 'link_rel_buffer_start'); add_action('wp_head', 'link_rel_buffer_end', 999); } // Return pingback_url empty (<link rel="pingback" href>). add_filter('bloginfo_url', function($output, $property){ return ($property == 'pingback_url') ? null : $output; }, 11, 2); // Disable xmlrcp/pingback add_filter( 'xmlrpc_enabled', '__return_false' ); add_filter( 'pre_update_option_enable_xmlrpc', '__return_false' ); add_filter( 'pre_option_enable_xmlrpc', '__return_zero' ); // Disable trackbacks add_filter( 'rewrite_rules_array', function( $rules ) { foreach( $rules as $rule => $rewrite ) { if( preg_match( '/trackback\/\?\$$/i', $rule ) ) { unset( $rules[$rule] ); } } return $rules; }); // Disable X-Pingback HTTP Header. add_filter('wp_headers', function($headers, $wp_query){ if(isset($headers['X-Pingback'])){ unset($headers['X-Pingback']); } return $headers; }, 11, 2); add_filter( 'xmlrpc_methods', function($methods){ unset( $methods['pingback.ping'] ); unset( $methods['pingback.extensions.getPingbacks'] ); unset( $methods['wp.getUsersBlogs'] ); // Block brute force discovery of existing users unset( $methods['system.multicall'] ); unset( $methods['system.listMethods'] ); unset( $methods['system.getCapabilities'] ); return $methods; }); // Just disable pingback.ping functionality while leaving XMLRPC intact? add_action('xmlrpc_call', function($method){ if($method != 'pingback.ping') return; wp_die( 'This site does not have pingback.', 'Pingback not Enabled!', array('response' => 403) ); }); не <?php /* Plugin Name: BYE BYE Pingback Plugin URI: https://github.com/Wordpress-Development/bye-bye-pingback/ Description: Banishment of wordpress pingback Version: 1.0.0 Author: bryanwillis Author URI: https://github.com/bryanwillis/ */ // If this file is called directly, abort. if ( ! defined( 'WPINC' ) ) { die; } /** * Htaccess directive block xmlrcp for extra security. * Here are some rewrite examples: * 404 - RewriteRule xmlrpc\.php$ - [R=404,L] * 301 - RewriteRule ^xmlrpc\.php$ index.php [R=301] * If you want custom 404 make sure your server is finding it by also adding this 'ErrorDocument 404 /index.php?error=404' or 'ErrorDocument 404 /wordpress/index.php?error=404' for sites in subdirectory. */ add_filter('mod_rewrite_rules', 'noxmlrpc_mod_rewrite_rules'); // should we put this inside wp_loaded or activation hook function noxmlrpc_mod_rewrite_rules($rules) { $insert = "RewriteRule xmlrpc\.php$ - [F,L]"; $rules = preg_replace('!RewriteRule!', "$insert\n\nRewriteRule", $rules, 1); return $rules; } register_activation_hook(__FILE__, 'noxmlrpc_htaccess_activate'); function noxmlrpc_htaccess_activate() { flush_rewrite_rules(true); } register_deactivation_hook(__FILE__, 'noxmlrpc_htaccess_deactivate'); function noxmlrpc_htaccess_deactivate() { remove_filter('mod_rewrite_rules', 'noxmlrpc_mod_rewrite_rules'); flush_rewrite_rules(true); } // Remove rsd_link from filters- link rel="EditURI" add_action('wp', function(){ remove_action('wp_head', 'rsd_link'); }, 9); // Remove pingback from head (link rel="pingback") if (!is_admin()) { function link_rel_buffer_callback($buffer) { $buffer = preg_replace('/(<link.*?rel=("|\')pingback("|\').*?href=("|\')(.*?)("|\')(.*?)?\/?>|<link.*?href=("|\')(.*?)("|\').*?rel=("|\')pingback("|\')(.*?)?\/?>)/i', '', $buffer); return $buffer; } function link_rel_buffer_start() { ob_start("link_rel_buffer_callback"); } function link_rel_buffer_end() { ob_flush(); } add_action('template_redirect', 'link_rel_buffer_start', -1); add_action('get_header', 'link_rel_buffer_start'); add_action('wp_head', 'link_rel_buffer_end', 999); } // Return pingback_url empty (<link rel="pingback" href>). add_filter('bloginfo_url', function($output, $property){ return ($property == 'pingback_url') ? null : $output; }, 11, 2); // Disable xmlrcp/pingback add_filter( 'xmlrpc_enabled', '__return_false' ); add_filter( 'pre_update_option_enable_xmlrpc', '__return_false' ); add_filter( 'pre_option_enable_xmlrpc', '__return_zero' ); // Disable trackbacks add_filter( 'rewrite_rules_array', function( $rules ) { foreach( $rules as $rule => $rewrite ) { if( preg_match( '/trackback\/\?\$$/i', $rule ) ) { unset( $rules[$rule] ); } } return $rules; }); // Disable X-Pingback HTTP Header. add_filter('wp_headers', function($headers, $wp_query){ if(isset($headers['X-Pingback'])){ unset($headers['X-Pingback']); } return $headers; }, 11, 2); add_filter( 'xmlrpc_methods', function($methods){ unset( $methods['pingback.ping'] ); unset( $methods['pingback.extensions.getPingbacks'] ); unset( $methods['wp.getUsersBlogs'] ); // Block brute force discovery of existing users unset( $methods['system.multicall'] ); unset( $methods['system.listMethods'] ); unset( $methods['system.getCapabilities'] ); return $methods; }); // Just disable pingback.ping functionality while leaving XMLRPC intact? add_action('xmlrpc_call', function($method){ if($method != 'pingback.ping') return; wp_die( 'This site does not have pingback.', 'Pingback not Enabled!', array('response' => 403) ); }); 

Кроме того, если вы хотите закрыть все существующие pingback, выполните следующие действия:

1) Откройте phpmyadmin и перейдите к разделу SQL:

SQL

2) Введите следующее:

 UPDATE wp_posts SET ping_status="closed"; 

3) Все существующие pingbacks теперь должны быть закрыты