plugins - X-Pingback and XMLRPC

admin管理员组

文章数量:1303670

According to old post: How to secure WordPress XMLRPC?, every API require authentication.

So, what is the point of adding X-Pingback in every public request?

curl -I 
..
X-Pingback: .php
Content-Type: text/html; charset=UTF-8
..

According to old post: How to secure WordPress XMLRPC?, every API require authentication.

So, what is the point of adding X-Pingback in every public request?

curl -I http://ma.tt
..
X-Pingback: http://ma.tt/blog/xmlrpc.php
Content-Type: text/html; charset=UTF-8
..

• plugins
• xml-rpc

Share Improve this question edited Apr 13, 2017 at 12:37 CommunityBot 1 asked Dec 14, 2012 at 7:35 YogaYoga 91922 gold badges2020 silver badges3939 bronze badges

Add a comment  | 

1 Answer 1

Sorted by: Reset to default 4

I think that when talking about XMLRPC in the context of wordpress you usually mean to talk about authoring tools utilizing the XMLRPC protocol, and not about the protocol in general.

In case of pingbacks and trackbacks the XMLRPC protocol is utelized to send content (comment) to your site by some other entity which is probably doing it in some automattic way. That entity needs to know the endpoint to which to send it request based on the address of the page where the comment should be published, there for you need to be able to retrieve the address of the endpoint from the URL of the page and this is done by the page adding the address as an HTTP header (maybe it can also be done by adding a meta tag to the HTML).

TL;DR; the HTTP header is related to supporting pingbacks which works in different way then XMLRPC based publishing

Unfortunately even when pingback and trackbacks are disabled the HTTP header is being sent. If you want to disable it, add the following code to your theme functions.php (taken from here)

function remove_x_pingback($headers) {
    unset($headers['X-Pingback']);
    return $headers;
}
add_filter('wp_headers', 'remove_x_pingback');

本文标签： pluginsXPingback and XMLRPC