在下有关闭trackbacks/pingbacks的选项Settings > Discussion.
但我想删除X-Pingback header WordPress发送并完全删除trackback 端点。
有没有办法做到这一点?
有没有办法完全关闭Pingback/Trackback?
2 个回复
最合适的回答,由SO网友:EarnestoDev 整理而成
<?php
/*
Plugin Name: [RPC] XMLRPCless Blog
Plugin URI: http://earnestodev.com/
Description: Disable XMLRPC advertising/functionality blog-wide.
Version: 0.0.7
Author: EarnestoDev
Author URI: http://earnestodev.com/
*/
// Disable X-Pingback HTTP Header.
add_filter(\'wp_headers\', function($headers, $wp_query){
if(isset($headers[\'X-Pingback\'])){
// Drop X-Pingback
unset($headers[\'X-Pingback\']);
}
return $headers;
}, 11, 2);
// Disable XMLRPC by hijacking and blocking the option.
add_filter(\'pre_option_enable_xmlrpc\', function($state){
return \'0\'; // return $state; // To leave XMLRPC intact and drop just Pingback
});
// Remove rsd_link from filters (<link rel="EditURI" />).
add_action(\'wp\', function(){
remove_action(\'wp_head\', \'rsd_link\');
}, 9);
// Hijack pingback_url for get_bloginfo (<link rel="pingback" />).
add_filter(\'bloginfo_url\', function($output, $property){
return ($property == \'pingback_url\') ? null : $output;
}, 11, 2);
// Just disable pingback.ping functionality while leaving XMLRPC intact?
add_action(\'xmlrpc_call\', function($method){
if($method != \'pingback.ping\') return;
wp_die(
\'Pingback functionality is disabled on this Blog.\',
\'Pingback Disabled!\',
array(\'response\' => 403)
);
});
?>
有趣的是我卖了一个WordPress Remote Publishing Library 并提供了禁用XMLRPC的代码:)对声誉有害
SO网友:Bryan Willis
@EarnestoDev有一个great answer, 但现在有点过时了xml-rcp exploits.
我已经做了一个更新版本,我认为它阻止了所有可能的访问。但请注意,有一些插件利用了XML-RPC pingback/trackback功能,如果使用这些插件,可能会出现问题:
WordPress移动应用程序JetPack LibSyn(用于播客)BuddyPress的一些部分
Here\'s an updated version below. To download it you can copy it into a plugin file, drop in in mu-plugins or download it on github:
<?php
/*
Plugin Name: BYE BYE Pingback
Plugin URI: https://github.com/Wordpress-Development/bye-bye-pingback/
Description: Banishment of wordpress pingback
Version: 1.0.0
Author: bryanwillis
Author URI: https://github.com/bryanwillis/
*/
// If this file is called directly, abort.
if ( ! defined( \'WPINC\' ) ) {
die;
}
/**
* Htaccess directive block xmlrcp for extra security.
* Here are some rewrite examples:
* 404 - RewriteRule xmlrpc\\.php$ - [R=404,L]
* 301 - RewriteRule ^xmlrpc\\.php$ index.php [R=301]
* If you want custom 404 make sure your server is finding it by also adding this \'ErrorDocument 404 /index.php?error=404\' or \'ErrorDocument 404 /wordpress/index.php?error=404\' for sites in subdirectory.
*/
add_filter(\'mod_rewrite_rules\', \'noxmlrpc_mod_rewrite_rules\'); // should we put this inside wp_loaded or activation hook
function noxmlrpc_mod_rewrite_rules($rules) {
$insert = "RewriteRule xmlrpc\\.php$ - [F,L]";
$rules = preg_replace(\'!RewriteRule!\', "$insert\\n\\nRewriteRule", $rules, 1);
return $rules;
}
register_activation_hook(__FILE__, \'noxmlrpc_htaccess_activate\');
function noxmlrpc_htaccess_activate() {
flush_rewrite_rules(true);
}
register_deactivation_hook(__FILE__, \'noxmlrpc_htaccess_deactivate\');
function noxmlrpc_htaccess_deactivate() {
remove_filter(\'mod_rewrite_rules\', \'noxmlrpc_mod_rewrite_rules\');
flush_rewrite_rules(true);
}
// Remove rsd_link from filters- link rel="EditURI"
add_action(\'wp\', function(){
remove_action(\'wp_head\', \'rsd_link\');
}, 9);
// Remove pingback from head (link rel="pingback")
if (!is_admin()) {
function link_rel_buffer_callback($buffer) {
$buffer = preg_replace(\'/(<link.*?rel=("|\\\')pingback("|\\\').*?href=("|\\\')(.*?)("|\\\')(.*?)?\\/?>|<link.*?href=("|\\\')(.*?)("|\\\').*?rel=("|\\\')pingback("|\\\')(.*?)?\\/?>)/i\', \'\', $buffer);
return $buffer;
}
function link_rel_buffer_start() {
ob_start("link_rel_buffer_callback");
}
function link_rel_buffer_end() {
ob_flush();
}
add_action(\'template_redirect\', \'link_rel_buffer_start\', -1);
add_action(\'get_header\', \'link_rel_buffer_start\');
add_action(\'wp_head\', \'link_rel_buffer_end\', 999);
}
// Return pingback_url empty (<link rel="pingback" href>).
add_filter(\'bloginfo_url\', function($output, $property){
return ($property == \'pingback_url\') ? null : $output;
}, 11, 2);
// Disable xmlrcp/pingback
add_filter( \'xmlrpc_enabled\', \'__return_false\' );
add_filter( \'pre_update_option_enable_xmlrpc\', \'__return_false\' );
add_filter( \'pre_option_enable_xmlrpc\', \'__return_zero\' );
// Disable trackbacks
add_filter( \'rewrite_rules_array\', function( $rules ) {
foreach( $rules as $rule => $rewrite ) {
if( preg_match( \'/trackback\\/\\?\\$$/i\', $rule ) ) {
unset( $rules[$rule] );
}
}
return $rules;
});
// Disable X-Pingback HTTP Header.
add_filter(\'wp_headers\', function($headers, $wp_query){
if(isset($headers[\'X-Pingback\'])){
unset($headers[\'X-Pingback\']);
}
return $headers;
}, 11, 2);
add_filter( \'xmlrpc_methods\', function($methods){
unset( $methods[\'pingback.ping\'] );
unset( $methods[\'pingback.extensions.getPingbacks\'] );
unset( $methods[\'wp.getUsersBlogs\'] ); // Block brute force discovery of existing users
unset( $methods[\'system.multicall\'] );
unset( $methods[\'system.listMethods\'] );
unset( $methods[\'system.getCapabilities\'] );
return $methods;
});
// Just disable pingback.ping functionality while leaving XMLRPC intact?
add_action(\'xmlrpc_call\', function($method){
if($method != \'pingback.ping\') return;
wp_die(
\'This site does not have pingback.\',
\'Pingback not Enabled!\',
array(\'response\' => 403)
);
});
Also, if you want to close all existing pingback follow these steps:
1) 打开phpmyadmin并导航到SQL部分:
UPDATE wp_posts SET ping_status="closed";
结束