Make WordPress Core

Opened 6 years ago

Closed 3 years ago

#10658 closed enhancement (wontfix)

XMLRPC failure string should convey disabled status for GET requests, too

Reported by: redsweater Owned by: josephscott
Milestone: Priority: normal
Severity: normal Version:
Component: XML-RPC Keywords: has-patch
Focuses: Cc:


Currently if you issues a plain GET request (e.g. by trying to load an xmlrpc.php URL in a browser), you get the error string provided by wp-includes/class-IXR.php:

XML-RPC server accepts POST requests only.

This is not indicative of any configuration problem when XMLRPC has not been enabled for the blog. Compare to wp-app.php which, in a comparable situation, at least indicates the configuration problem:

AtomPub services are disabled on this blog. An admin user can enable them at

The attached patch changes xmlrpc.php so that it will provide the same type of verbose message as wp-app.php does, allowing clients to see immediately upon trying to access the xmlrpc endpoint URL, that service is disabled:

XML-RPC services are disabled on this blog. An admin user can enable them at

I think this will have a positive impact on providing support e.g. to users of applications that depend on the API. It's a shortcut when debugging functionality to type in the xmlrpc URL into the browser to make sure it's configured correctly, and not spewing any errors.

While I was at it I factored the generation of the string for disabled XMLRPC into a new method errorStringForDisabledXMLRPC().

Attachments (1)

XMLRPCErrorString.diff (1.8 KB) - added by redsweater 6 years ago.

Download all attachments as: .zip

Change History (6)

#1 @redsweater
6 years ago

  • Component changed from General to XML-RPC

#2 @westi
6 years ago

  • Cc westi added

Interesting idea.

I wonder if we should always override GET and uses it as a way to point to documentation as well as giving feedback on enablement status.

#3 @nacin
6 years ago

  • Milestone changed from Unassigned to Future Release

#4 @markoheijnen
3 years ago

It's a interesting idea but I would say close this as wont-fix. The reason is that "POST requests only" is a message for developers. A user never should see that where the disable XML-RPC message is for users.

#5 @markoheijnen
3 years ago

  • Milestone Future Release deleted
  • Resolution set to wontfix
  • Status changed from new to closed

This isn't really a problem anymore since the XML-RPC is enabled by default (3.5). Also my previous reason still apply

Note: See TracTickets for help on using tickets.