Enable XMLRPC Access Per User

In a multi user enviroment, be it a multi author site or a multisite/network, You might run into a situation where most of the users do not need to use XML-RPC or you just prefer not to offer the option, but still you need to somehow make access via the protocol available to a specific group of users (admin monitoring the site via a smartphone app) or some external automatic publishing bot.

This plugin is just what you need in this kind of scenario. By default it will just deny access to any user over XML-RPC and then the admin or super admin in a network can allow access in the user’s profile page.

Important details:

  • Only XML-RPC methods which require authentication will be handle (approved or denied access), other methods that do not require authentication like pingback will keep working
  • The Jetpack plugin likes to have its own user authentication and disregards almost any other authentication plugin. Since there is no real documentation of its expectations it is hard to predict whether the per user jetpack functionality will still work when a user is authenticated against the jetpack “mother” servers but denied XML-RPC access with this plugin.




WordPress versions 4.3 and above. Compatible both for single site and a multisite/network. Can be activated as a network plugin or dropped into mu-plugins.


Leave a Reply

Your email address will not be published. Required fields are marked *

Comment policy

We are not going to share your e-mail with anyone else, but we might send you answers to your questions directly to your email.