=== XMLRPC Lockdown by AO Digital === Contributors: aodigital Author URI: http://aodigital.com.au Tags: xmlrpc, security, WordPress, Jetpack, mobile app, customization Requires PHP: 8.0 Tested up to: WordPress 6.7.2 Stable tag: 2.0 License: GPLv2 or later License URI: http://www.gnu.org/licenses/gpl-2.0.html == Description == XMLRPC Lockdown by AO Digital is an advanced security plugin for WordPress. It blocks access to `xmlrpc.php` for all requests except those explicitly allowed, such as requests from Jetpack, the WordPress mobile app, and other specified services. With the latest enhancements, users can customize the list of allowed services and create custom allowances for specific IPs, URLs, or referrers directly from the WordPress admin dashboard. **Key Features:** - Blocks unauthorized access to `xmlrpc.php`, enhancing WordPress security. - Allows specific services like Jetpack and the WordPress mobile app to work seamlessly. - New settings page for managing allowed plugins and custom allowances. - AJAX-powered options saving for a smooth user experience. - Fully compatible with PHP 8.0+ and tested up to WordPress 6.7.2. Whether you're looking to secure your site or fine-tune `xmlrpc.php` access, XMLRPC Lockdown by AO Digital offers a robust, user-friendly solution. == Installation == 1. Download the latest version of the plugin from the WordPress plugin repository. 2. Upload the entire `xmlrpc-lockdown` folder to the `/wp-content/plugins/` directory of your WordPress site. 3. Log in to your WordPress dashboard and navigate to the "Plugins" page. 4. Locate **XMLRPC Lockdown by AO Digital** in the list and click "Activate". == Frequently Asked Questions == = How does the plugin work? = The plugin blocks all requests to `xmlrpc.php` by default, except for those from user-specified plugins and custom allowances defined via the admin settings. = Can I add custom IPs, URLs, or referrers? = Yes, the settings page includes a "Custom Allowances" section where you can whitelist specific IPs, URLs, or referrers. = Is the plugin compatible with Jetpack and the WordPress mobile app? = Yes, Jetpack and the WordPress mobile app are preconfigured as allowed plugins. You can manage this in the settings page. = What are the system requirements? = The plugin requires PHP 8.0 or later and is tested with WordPress version 6.7.2. == Screenshots == 1. **Settings Page**: Manage allowed plugins and custom allowances. == Changelog == = 2.0 = * Overhauled plugin to include an admin settings page. * Added support for custom allowances (IPs, URLs, referrers). * Improved compatibility with PHP 8.0+. * Enhanced AJAX-powered saving for a seamless experience. * Updated blocking logic for better performance and flexibility. = 1.1 = * Initial version. == Support == For assistance with XMLRPC Lockdown by AO Digital, please visit [AO Digital Support](http://aodigital.com.au) or email us at support@aodigital.com.au.