XML-RPC for WordPress Developers

    Narayan Prusty

    XML-RPC is a remote procedure call (one process calling the function of another process via a remote connection) protocol which uses XML to represent data and HTTP to make the calls. Although applications can explicitly provide their own REST APIs for RPC, a standard protocol can help security and provide many other benefits. For example, developers don’t have to design a REST API architecture from scratch and also a single client can be used to make remote procedure calls to various server applications which support the standard protocol. Therefore, XML-RPC was introduced as a standard protocol for RPC.

    XML-RPC for WordPress

    In this tutorial we’ll look at the different core WordPress functions which can be executed remotely using XML-RPC. This can help us to build tools which can perform various operations on a WordPress installation. One of the greatest examples of this is the WordPress Mobile App.

    Overview of an XML-RPC Protocol Request and Response

    To make an XML-RPC request you need to wrap the remote function name and parameters in XML format and then send a POST request using HTTP. This is an example of an XML-RPC HTTP request:

    POST /xmlrpc HTTP/1.0
    User-Agent: myXMLRPCClient/1.0
    Content-Type: text/xml
    Content-Length: 169

    <?xml version="1.0"?>

    Here’s a sample response to the above request:

    HTTP/1.1 200 OK
    Date: Sat, 06 Oct 2001 23:20:04 GMT
    Server: Apache.1.3.12 (Unix)
    Connection: close
    Content-Type: text/xml
    Content-Length: 124

    <?xml version="1.0"?>

    In this tutorial we’ll use PHP to send XML-RPC requests to WordPress and display the raw response. We would generally write code to wrap our function name and parameters in XML format and then make an HTTP request using cURL, but writing code for this from scratch is lengthy. Instead we can use the PHPXMLRPC library, which abstracts all of these steps and lets us make XML-RPC requests much more easily. XML-RPC libraries are available for all popular programming languages; you can find one for your preferred language using your favorite search engine.
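
    The library hides the wire format, so here is an added example (not from the original article or from PHPXMLRPC) that builds a wp.getAuthors call and reads a fault response with PHP's DOM extension. The example_ function names, the sample credentials and the sample response are constructed for illustration; only int and string parameters are handled.

```php
<?php
// Added example: what an XML-RPC client library does on the wire.

/** Encode a method call; this sketch supports int and string parameters only. */
function example_encode_call(string $method, array $params): string
{
    $doc  = new DOMDocument('1.0');
    $call = $doc->appendChild($doc->createElement('methodCall'));
    $call->appendChild($doc->createElement('methodName'))->appendChild($doc->createTextNode($method));
    $list = $call->appendChild($doc->createElement('params'));
    foreach ($params as $p) {
        $value = $list->appendChild($doc->createElement('param'))
                      ->appendChild($doc->createElement('value'));
        // Text nodes are escaped on output, so "<" or "&" in a value cannot alter the markup.
        $value->appendChild($doc->createElement(is_int($p) ? 'int' : 'string'))
              ->appendChild($doc->createTextNode((string) $p));
    }
    return $doc->saveXML();
}

/** Return the fault members (faultCode, faultString), or null for a normal response. */
function example_parse_fault(string $xml): ?array
{
    // XML-RPC needs no DTD; refusing DOCTYPE keeps entity definitions out of the parser.
    if (stripos($xml, '<!DOCTYPE') !== false) {
        throw new InvalidArgumentException('DOCTYPE is not allowed in XML-RPC');
    }
    libxml_use_internal_errors(true);          // collect parse errors instead of emitting warnings
    $doc = new DOMDocument();
    if (!$doc->loadXML($xml, LIBXML_NONET)) {  // LIBXML_NONET: no network access while parsing
        throw new InvalidArgumentException('Malformed XML');
    }
    $xp    = new DOMXPath($doc);
    $fault = [];
    foreach ($xp->query('/methodResponse/fault/value/struct/member') as $m) {
        $fault[$xp->evaluate('string(name)', $m)] = $xp->evaluate('normalize-space(value)', $m);
    }
    return $fault ?: null;
}

// Constructed sample data (not captured from a real server).
$request  = example_encode_call('wp.getAuthors', [0, 'example_user', 'p&ss<word>']);
$response = '<?xml version="1.0"?><methodResponse><fault><value><struct>'
    . '<member><name>faultCode</name><value><int>403</int></value></member>'
    . '<member><name>faultString</name><value><string>Incorrect username or password.</string></value></member>'
    . '</struct></value></fault></methodResponse>';
echo $request, PHP_EOL;
print_r(example_parse_fault($response));
```

    The password travels in the request body on every call, so the endpoint should only be reached over HTTPS.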

    WordPress XML-RPC Functions

    There are lots of WordPress core functions that WordPress exposes via XML-RPC. All of the XML-RPC exposed functions are categorized into 9 categories: Posts, Taxonomies, Media, Comments, Options, Users, Categories, Tags and Pages.

    A List of the Functions

    Here’s the complete list of all functions:

    Posts functions: Available from WordPress 3.4. Here is the list of functions that belong to the posts category:
    Taxonomies functions: Available from WordPress 3.4. Here is the list of functions that belong to the taxonomies category:
    Media functions: Available from WordPress 3.1. Here is the list of functions that belong to the media category:
    Comments functions: Available from WordPress 2.7. Here is the list of functions that belong to the comments category:
    Options functions: Available from WordPress 2.6. Here is the list of functions that belong to the options category:
    Users functions: Available from WordPress 3.5. Here is the list of functions that belong to the users category:
    Categories functions: Available from WordPress 3.4. Here is the list of functions that belong to the categories category:
    Tags functions: Available from WordPress 3.4. Here is the list of functions that belong to the tags category:
    Pages functions: Available from WordPress 3.4. Here is the list of functions that belong to the pages category:

    All of the category names and function names, as well as their uses and purposes, are quite self-explanatory. Let’s see some examples of the above functions:

    Getting a List of WordPress Authors

    Here is the code to get a list of all authors of a remote WordPress installation using PHP:

    require_once "path/to/xmlrpc.inc"; // PHPXMLRPC library (placeholder path)

    $function_name = "wp.getAuthors";
    $url = "https://www.sitepoint.com/xmlrpc.php";
    $client = new xmlrpc_client($url);
    $client->return_type = "phpvals"; // decode the response into plain PHP values
    // Parameters: blog id, username, password
    $message = new xmlrpcmsg($function_name, array(new xmlrpcval(0, "int"), new xmlrpcval("username", "string"), new xmlrpcval("password", "string")));
    $resp = $client->send($message);
    if ($resp->faultCode()) {
        echo 'KO. Error: ' . htmlspecialchars($resp->faultString());
    } else {
        foreach ($resp->val as $key => $value) {
            // Values come from the remote server, so escape them before writing HTML
            echo "User id: " . htmlspecialchars($value["user_id"]);
            echo "<br><br>";
            echo "Username: " . htmlspecialchars($value["user_login"]);
            echo "<br><br>";
            echo "Display name: " . htmlspecialchars($value["display_name"]);
            echo "<br><br>";
        }
    }

    Let’s see how the above code works:
    • First we include the PHPXMLRPC library.
    • Then we create a variable $function_name to hold the function name.
    • We create another variable which points to the xmlrpc.php file of the WordPress installation. This file always exists in the root of WordPress.
    • Then we create an XML-RPC client object and pass the URL to the constructor.
    • We then instruct the library to convert the response data into a PHP array variable so it will be easy to read and work with the response data. Working with raw XML response data would be difficult, as we would have to parse the XML.
    • Then we construct a request message object with the parameters for the wp.getAuthors function. The first parameter is the blog id; the other two parameters are the username and password of the administrator.
    • Next, we send the XML-RPC request.
    • Finally we get the response. If there’s an error we display the error; otherwise we loop over the response object’s value property to print the authors’ basic information.

    Creating a Post

    We just saw how easy it is to retrieve a list of authors. Here’s how you can create a post:

    require_once "path/to/xmlrpc.inc"; // PHPXMLRPC library (placeholder path)

    $function_name = "wp.newPost";
    $url = "https://www.sitepoint.com/xmlrpc.php";
    $client = new xmlrpc_client($url);
    $client->return_type = 'phpvals';
    $message = new xmlrpcmsg(
        $function_name,
        array(
            new xmlrpcval(0, "int"),
            new xmlrpcval("my_cool_username", "string"),
            new xmlrpcval("my_super_secret_password", "string"),
            // The post fields are sent as a single XML-RPC struct
            new xmlrpcval(
                array(
                    "post_type" => new xmlrpcval("post", "string"),
                    "post_status" => new xmlrpcval("draft", "string"),
                    "post_title" => new xmlrpcval("Sitepoint is Awesome", "string"),
                    "post_author" => new xmlrpcval(1, "int"),
                    "post_excerpt" => new xmlrpcval("excerpt", "string"),
                    "post_content" => new xmlrpcval("content", "string")
                ),
                "struct"
            )
        )
    );
    $resp = $client->send($message);
    if ($resp->faultCode()) {
        echo 'KO. Error: ' . htmlspecialchars($resp->faultString());
    } else {
        echo "Post id is: " . htmlspecialchars($resp->value());
    }

    Here, we called the function wp.newPost. Along with the blog id, username and password, we also passed a struct type containing the post type, status, title, content, author and excerpt.

    Note: Detecting the XML-RPC Request

    A quick note: If you’re a plugin or theme developer, then you might want your code to function differently for XML-RPC requests. WordPress provides a way for themes and plugins to detect if WordPress is processing an XML-RPC request. Here is the code to detect XML-RPC requests:
    // XML-RPC request
    // Normal HTTP request
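
    One security-relevant use of this detection, as an added example that is not the article's code: WordPress's xmlrpc.php defines the XMLRPC_REQUEST constant, and the snippet below uses it to log and count failed logins that arrive over XML-RPC. The example_ names, the threshold and the window are assumptions chosen for illustration.

```php
<?php
// Added example, not the article's code. Load it as plugin code so WordPress is available.
// xmlrpc.php defines XMLRPC_REQUEST as true before it loads WordPress.

const EXAMPLE_FAIL_LIMIT  = 5;    // assumed alert threshold
const EXAMPLE_FAIL_WINDOW = 600;  // assumed window in seconds

function example_is_xmlrpc(): bool
{
    return defined('XMLRPC_REQUEST') && XMLRPC_REQUEST;
}

// wp_login_failed fires for every failed authentication, including XML-RPC calls.
add_action('wp_login_failed', function ($username) {
    if (!example_is_xmlrpc()) {
        return; // normal HTTP request: nothing to record here
    }
    $ip  = $_SERVER['REMOTE_ADDR'] ?? 'unknown';
    $key = 'example_xmlrpc_fail_' . md5($ip);

    // Each failure renews the transient, so the counter expires after a quiet window.
    $count = (int) get_transient($key) + 1;
    set_transient($key, $count, EXAMPLE_FAIL_WINDOW);

    // Strip control characters so a crafted username cannot inject extra log lines.
    $user = preg_replace('/[\x00-\x1F\x7F]/', '', (string) $username);
    error_log(sprintf('xmlrpc auth failure user="%s" ip=%s count=%d', $user, $ip, $count));
    if ($count === EXAMPLE_FAIL_LIMIT) {
        error_log(sprintf('xmlrpc auth failure threshold reached ip=%s', $ip));
    }
});
```

    Behind a reverse proxy REMOTE_ADDR is the proxy's address, so the client address has to come from a header set by a proxy you trust.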


    In this article we covered the fundamentals of XML-RPC for WordPress, including the basics of XML-RPC and how WordPress exposes this protocol. We also demonstrated how to perform various operations on a WordPress installation using XML-RPC. You can now create a mobile, desktop or a web application XML-RPC client for WordPress.

    Frequently Asked Questions (FAQs) about XML-RPC for WordPress Developers

    What is XML-RPC in WordPress and why is it important?

    XML-RPC is a remote procedure call (RPC) protocol encoded in XML. In the context of WordPress, it allows external applications to communicate with the WordPress platform. This means you can manage your WordPress site using external apps or software. For instance, you can create a new post, edit an existing one, or even delete a post using an external application. This makes it easier for developers to manage and update their WordPress sites remotely.

    Is XML-RPC secure to use in WordPress?

    While XML-RPC provides a convenient way to manage your WordPress site remotely, it has been a target for hackers in the past. However, WordPress has taken steps to secure XML-RPC by implementing measures such as limiting the number of login attempts via XML-RPC. It’s also recommended to use plugins that can further secure XML-RPC or disable it when not in use.

    How can I enable or disable XML-RPC in WordPress?

    By default, XML-RPC is enabled in WordPress. However, if you want to disable it, you can use plugins like “Disable XML-RPC” or “XML-RPC Deactivated”. To enable it, simply deactivate these plugins. Always remember to back up your site before making such changes.
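
    The same result can be had in code with WordPress's xmlrpc_enabled and xmlrpc_methods filters. The following is an added example, not the article's code or either plugin's: it assumes the only remote client is this tutorial's script, so it keeps wp.getAuthors and wp.newPost and unregisters every other method passed to the filter. The example_ names are hypothetical.

```php
<?php
// Added example, not the article's code: a must-use plugin sketch.
// Assumption: the only XML-RPC client is the tutorial's script.

const EXAMPLE_ALLOWED_METHODS = ['wp.getAuthors', 'wp.newPost']; // use [] when there are no clients

/** Pure helper so the rule can be unit-tested without WordPress. */
function example_restrict_methods(array $methods, array $allowed): array
{
    return array_intersect_key($methods, array_flip($allowed));
}

if (EXAMPLE_ALLOWED_METHODS === []) {
    // Turns off every XML-RPC method that requires authentication.
    add_filter('xmlrpc_enabled', '__return_false');
}

// xmlrpc_methods receives the method-name => callback map WordPress is about to serve.
add_filter('xmlrpc_methods', function (array $methods): array {
    return example_restrict_methods($methods, EXAMPLE_ALLOWED_METHODS);
});
```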

    Can I use XML-RPC with other programming languages?

    Yes, XML-RPC is language agnostic, meaning it can be used with any programming language that supports XML parsing and HTTP requests. This includes languages like Python, Java, PHP, and many more.

    What are some common methods used in XML-RPC for WordPress?

    Some common methods used in XML-RPC for WordPress include wp.getPosts (to retrieve posts), wp.newPost (to create a new post), wp.editPost (to edit an existing post), and wp.deletePost (to delete a post). These methods allow developers to manage their WordPress sites remotely.

    How can I test XML-RPC functionality in WordPress?

    You can test XML-RPC functionality in WordPress using various tools and libraries. For instance, you can use the “XML-RPC Client” tool to send requests to your WordPress site and view the responses.

    What is the future of XML-RPC in WordPress?

    The future of XML-RPC in WordPress is uncertain. With the introduction of the REST API in WordPress, many developers have started to shift towards it due to its more modern and flexible approach. However, XML-RPC is still supported and used by many developers.

    Can I use XML-RPC to manage comments in WordPress?

    Yes, you can use XML-RPC to manage comments in WordPress. Methods like wp.getComments allow you to retrieve comments, while methods like wp.newComment allow you to create new comments.

    What are some alternatives to XML-RPC in WordPress?

    One of the main alternatives to XML-RPC in WordPress is the REST API. The REST API is a more modern and flexible approach to remote communication with WordPress. It uses JSON instead of XML, which is easier to read and write.

    Can I use XML-RPC to manage users in WordPress?

    Yes, you can use XML-RPC to manage users in WordPress. Methods like wp.getUsers allow you to retrieve users, while methods like wp.newUser allow you to create new users.