有没有办法完全关闭Pingback/Trackback?

时间:2011-10-24 作者:chrisguitarguy

在下有关闭trackbacks/pingbacks的选项Settings > Discussion.

但我想删除X-Pingback header WordPress发送并完全删除trackback 端点。

有没有办法做到这一点?

2 个回复
最合适的回答,由SO网友:EarnestoDev 整理而成

<?php
/*
Plugin Name: [RPC] XMLRPCless Blog
Plugin URI: http://earnestodev.com/
Description: Disable XMLRPC advertising/functionality blog-wide.
Version: 0.0.7
Author: EarnestoDev
Author URI: http://earnestodev.com/
*/
// Disable X-Pingback HTTP Header.
add_filter(\'wp_headers\', function($headers, $wp_query){
    if(isset($headers[\'X-Pingback\'])){
        // Drop X-Pingback
        unset($headers[\'X-Pingback\']);
    }
    return $headers;
}, 11, 2);
// Disable XMLRPC by hijacking and blocking the option.
add_filter(\'pre_option_enable_xmlrpc\', function($state){
    return \'0\'; // return $state; // To leave XMLRPC intact and drop just Pingback
});
// Remove rsd_link from filters (<link rel="EditURI" />).
add_action(\'wp\', function(){
    remove_action(\'wp_head\', \'rsd_link\');
}, 9);
// Hijack pingback_url for get_bloginfo (<link rel="pingback" />).
add_filter(\'bloginfo_url\', function($output, $property){
    return ($property == \'pingback_url\') ? null : $output;
}, 11, 2);
// Just disable pingback.ping functionality while leaving XMLRPC intact?
add_action(\'xmlrpc_call\', function($method){
    if($method != \'pingback.ping\') return;
    wp_die(
        \'Pingback functionality is disabled on this Blog.\',
        \'Pingback Disabled!\',
        array(\'response\' => 403)
    );
});
?>
将此用于中的插件/wp-content/plugins/wp-content/mu-plugins (用于自动激活)。或functions.php.

有趣的是我卖了一个WordPress Remote Publishing Library 并提供了禁用XMLRPC的代码:)对声誉有害

SO网友:Bryan Willis

@EarnestoDev有一个great answer, 但现在有点过时了xml-rcp exploits.

我已经做了一个更新版本,我认为它阻止了所有可能的访问。但请注意,有一些插件利用了XML-RPC pingback/trackback功能,如果使用这些插件,可能会出现问题:

WordPress移动应用程序JetPack LibSyn(用于播客)BuddyPress的一些部分

Here\'s an updated version below. To download it you can copy it into a plugin file, drop in in mu-plugins or download it on github:

<?php
/*
Plugin Name:        BYE BYE Pingback
Plugin URI:         https://github.com/Wordpress-Development/bye-bye-pingback/
Description:        Banishment of wordpress pingback
Version:            1.0.0
Author:             bryanwillis
Author URI:         https://github.com/bryanwillis/
*/

// If this file is called directly, abort.
if ( ! defined( \'WPINC\' ) ) {
    die;
}

/**
 * Htaccess directive block xmlrcp for extra security.
 * Here are some rewrite examples:
 *   404 - RewriteRule xmlrpc\\.php$ - [R=404,L]
 *   301 - RewriteRule ^xmlrpc\\.php$ index.php [R=301]
 * If you want custom 404 make sure your server is finding it by also adding this \'ErrorDocument 404 /index.php?error=404\' or \'ErrorDocument 404 /wordpress/index.php?error=404\' for sites in subdirectory.
 */ 
add_filter(\'mod_rewrite_rules\', \'noxmlrpc_mod_rewrite_rules\'); // should we put this inside wp_loaded or activation hook
function noxmlrpc_mod_rewrite_rules($rules) {
  $insert = "RewriteRule xmlrpc\\.php$ - [F,L]";
  $rules = preg_replace(\'!RewriteRule!\', "$insert\\n\\nRewriteRule", $rules, 1);
  return $rules;
}

register_activation_hook(__FILE__, \'noxmlrpc_htaccess_activate\');
function noxmlrpc_htaccess_activate() {
  flush_rewrite_rules(true);
}

register_deactivation_hook(__FILE__, \'noxmlrpc_htaccess_deactivate\');
function noxmlrpc_htaccess_deactivate() {
  remove_filter(\'mod_rewrite_rules\', \'noxmlrpc_mod_rewrite_rules\');
  flush_rewrite_rules(true);
}


// Remove rsd_link from filters- link rel="EditURI"
add_action(\'wp\', function(){
    remove_action(\'wp_head\', \'rsd_link\');
}, 9);


// Remove pingback from head (link rel="pingback")
if (!is_admin()) {      
    function link_rel_buffer_callback($buffer) {
        $buffer = preg_replace(\'/(<link.*?rel=("|\\\')pingback("|\\\').*?href=("|\\\')(.*?)("|\\\')(.*?)?\\/?>|<link.*?href=("|\\\')(.*?)("|\\\').*?rel=("|\\\')pingback("|\\\')(.*?)?\\/?>)/i\', \'\', $buffer);
                return $buffer;
    }
    function link_rel_buffer_start() {
        ob_start("link_rel_buffer_callback");
    }
    function link_rel_buffer_end() {
        ob_flush();
    }
    add_action(\'template_redirect\', \'link_rel_buffer_start\', -1);
    add_action(\'get_header\', \'link_rel_buffer_start\');
    add_action(\'wp_head\', \'link_rel_buffer_end\', 999);
}


// Return pingback_url empty (<link rel="pingback" href>).
add_filter(\'bloginfo_url\', function($output, $property){
    return ($property == \'pingback_url\') ? null : $output;
}, 11, 2);


// Disable xmlrcp/pingback
add_filter( \'xmlrpc_enabled\', \'__return_false\' );
add_filter( \'pre_update_option_enable_xmlrpc\', \'__return_false\' );
add_filter( \'pre_option_enable_xmlrpc\', \'__return_zero\' );

// Disable trackbacks
add_filter( \'rewrite_rules_array\', function( $rules ) {
    foreach( $rules as $rule => $rewrite ) {
        if( preg_match( \'/trackback\\/\\?\\$$/i\', $rule ) ) {
            unset( $rules[$rule] );
        }
    }
    return $rules;
});


// Disable X-Pingback HTTP Header.
add_filter(\'wp_headers\', function($headers, $wp_query){
    if(isset($headers[\'X-Pingback\'])){
        unset($headers[\'X-Pingback\']);
    }
    return $headers;
}, 11, 2);


add_filter( \'xmlrpc_methods\', function($methods){
    unset( $methods[\'pingback.ping\'] );
    unset( $methods[\'pingback.extensions.getPingbacks\'] );
    unset( $methods[\'wp.getUsersBlogs\'] ); // Block brute force discovery of existing users
    unset( $methods[\'system.multicall\'] );
    unset( $methods[\'system.listMethods\'] );
    unset( $methods[\'system.getCapabilities\'] );
    return $methods;
});


// Just disable pingback.ping functionality while leaving XMLRPC intact?
add_action(\'xmlrpc_call\', function($method){
    if($method != \'pingback.ping\') return;
    wp_die(
        \'This site does not have pingback.\',
        \'Pingback not Enabled!\',
        array(\'response\' => 403)
    );
});

Also, if you want to close all existing pingback follow these steps:

1) 打开phpmyadmin并导航到SQL部分:

sql

2) 输入以下内容:

UPDATE wp_posts SET ping_status="closed";
3) 现在应关闭所有现有pingback

结束
标签: pingbacks   小码农  

相关推荐

pingbacks testing

关于新wp安装(3.0.4)中PBs的功能测试,我有几个问题:发布帖子时是立即发送pingback,还是将其安排为cron作业?如果后者正确,作业多久运行一次,我可以手动触发它吗?除了将“尝试通知文章中链接到的任何博客”设置为“开”,当然还有帖子内容中指向另一个博客的链接之外,还有其他关于发送PBs的术语吗?(例如,发件人的帖子应该是公开的而不是私有的吗?博客应该是非私有的吗?)出站链接应该放在帖子内容中,还是可以放在帖子的自定义字段中,以便发送PB?如果我的博客中没有发送或接收PBs,那么调试和检测问题