Key Takeaways
- XML-RPC is a remote procedure call protocol that uses XML to represent data and HTTP to make calls. It allows developers to execute core WordPress functions remotely, making it possible to build tools that can perform various operations on a WordPress installation.
- WordPress exposes a wide array of core functions via XML-RPC, categorized into nine groups: Posts, Taxonomies, Media, Comments, Options, Users, Categories, Tags, and Pages. These functions can be used to perform operations such as retrieving posts or authors, creating a new post, and managing comments or users.
- While XML-RPC provides a convenient way to manage WordPress sites remotely, it has been a target for hackers in the past. WordPress has taken steps to secure XML-RPC, such as limiting the number of login attempts via XML-RPC. It is recommended to use plugins that can further secure XML-RPC or disable it when not in use.
In this tutorial we’ll look at the different core WordPress functions which can be executed remotely using XML-RPC. This can help us to build tools which can perform various operations on a WordPress installation. One of the greatest examples of this is the WordPress Mobile App.
Overview of an XML-RPC Protocol Request and Response
To make an XML-RPC request you need to wrap the remote function name and parameters in XML format and then send a POST request using HTTP. This is an example of a XML-RPC HTTP request:POST /xmlrpc HTTP 1.0
User-Agent: myXMLRPCClient/1.0
Host: 192.168.124.2
Content-Type: text/xml
Content-Length: 169
<?xml version="1.0"?>
<methodCall>
<methodName>circleArea</methodName>
<params>
<param>
<value><double>2.41</double></value>
</param>
</params>
</methodCall>HTTP/1.1 200 OK
Date: Sat, 06 Oct 2001 23:20:04 GMT
Server: Apache.1.3.12 (Unix)
Connection: close
Content-Type: text/xml
Content-Length: 124
<?xml version="1.0"?>
<methodResponse>
<params>
<param>
<value><double>18.24668429131</double></value>
</param>
</params>
</methodResponse>WordPress XML-RPC Functions
There are lots of WordPress core functions that WordPress exposes via XML-RPC. All of the XML-RPC exposed functions are categorized into 9 categories: Posts, Taxonomies, Media, Comments, Options, Users, Categories, Tags and Pages.A List of the Functions
Here’s the complete list of all functions: Posts functions: Available from WordPress 3.4. Here is the list of functions that belong to posts category:wp.getPost
wp.getPosts
wp.newPost
wp.editPost
wp.deletePost
wp.getPostType
wp.getPostTypes
wp.getPostFormats
wp.getPostStatusList
wp.getTaxonomy
wp.getTaxonomies
wp.getTerm
wp.getTerms
wp.newTerm
wp.editTerm
wp.deleteTerm
wp.getMediaItem
wp.getMediaLibrary
wp.uploadFile
wp.getCommentCount
wp.getComment
wp.getComments
wp.newComment
wp.editComment
wp.deleteComment
wp.getCommentStatusList
wp.getOptions
wp.setOptions
wp.getUsersBlogs
wp.getUser
wp.getUsers
wp.getProfile
wp.editProfile
wp.getAuthors
wp.getCategories
wp.suggestCategories
wp.newCategory
wp.deleteCategory
wp.getTags
wp.getPage
wp.getPages
wp.getPageList
wp.newPage
wp.editPage
wp.deletePage
wp.getPageStatusList
wp.getPageTemplates
Getting a List of WordPress Authors
Here is the code to get list of all authors of a remote WordPress installation using PHP:<?php
include("lib/xmlrpc.inc");
$function_name = "wp.getAuthors";
$url = "https://www.sitepoint.com/xmlrpc.php";
$client = new xmlrpc_client($url);
$client->return_type = "phpvals";
$message = new xmlrpcmsg($function_name, array(new xmlrpcval(0, "int"), new xmlrpcval("username", "string"), new xmlrpcval("password", "string")));
$resp = $client->send($message);
if ($resp->faultCode()) echo 'KO. Error: '.$resp->faultString(); else foreach ($resp->val as $key => $value) {
echo "User id: " . $value["user_id"];
echo "<br><br>";
echo "Username: " . $value["user_login"];
echo "<br><br>";
echo "Display name: " . $value["display_name"];
echo "<br><br>";
};
?>- First we included PHPXMLRPC library.
- Then we create a variable
$function_nameto hold the function name. - We created an another variable which points to the
xmlrpc.phpfile of the WordPress installation. This file always exists in the root of WordPress. - Then we create an XML-RPC client object and pass the URL to the constructor.
- We then instruct the library to convert the response data into a PHP array variable so it will be easy to read and work with the response data. Working with raw XML response data will be difficult as we have to parse the XML.
- Then we construct a request message object with the parameters for the
wp.getAuthorsfunction. First parameters is the blog id, the other two parameters are the username and password of the administrator. - Next, we send the XML-RPC request.
- Finally we get the response. If there’s an error we display the error, otherwise we loop the response object’s value property to print the authors basic information.
Creating a Post
We just saw how easy it is to retrieve a list of authors, here’s how you can create a post:<?php
include("lib/xmlrpc.inc");
$function_name = "wp.newPost";
$url = "https://www.sitepoint.com/xmlrpc.php";
$client = new xmlrpc_client($url);
$client->return_type = 'phpvals';
$message = new xmlrpcmsg(
$function_name,
array(
new xmlrpcval(0, "int"),
new xmlrpcval("my_cool_username", "string"),
new xmlrpcval("my_super_secret_password", "string"),
new xmlrpcval(
array(
"post_type" => new xmlrpcval("post", "string"),
"post_status" => new xmlrpcval("draft", "string"),
"post_title" => new xmlrpcval("Sitepoint is Awesome", "string"),
"post_author" => new xmlrpcval(1, "int"),
"post_excerpt" => new xmlrpcval("excerpt", "string"),
"post_content" => new xmlrpcval("content", "string")
),
"struct"
)
)
);
$resp = $client->send($message);
if ($resp->faultCode()) echo 'KO. Error: '.$resp->faultString(); else echo "Post id is: " . $resp->value();
?>wp.newPost. Along with the blog id, username and password. We also passed a struct type containing post type, status, title, content, author and excerpt.
Note: Detecting the XML-RPC Request
A quick note: If you’re a plugin or theme developer, then you might want your code to function differently for XML-RPC requests. WordPress allows a way for themes and plugin to detect if WordPress is processing a XML-RPC request. Here is the code to detect XML-RPC requests:if(defined('XMLRPC_REQUEST'))
{
// XML-RPC request
}
else
{
// Normal HTTP request
}Conclusion
In this article we covered the fundamentals of XML-RPC for WordPress, including the basics of XML-RPC and how WordPress exposes this protocol. We also demonstrated how to perform various operations on a WordPress installation using XML-RPC. You can now create a mobile, desktop or a web application XML-RPC client for WordPress.Frequently Asked Questions (FAQs) about XML-RPC for WordPress Developers
What is XML-RPC in WordPress and why is it important?
XML-RPC is a remote procedure call (RPC) protocol encoded in XML. In the context of WordPress, it allows external applications to communicate with the WordPress platform. This means you can manage your WordPress site using external apps or software. For instance, you can create a new post, edit an existing one, or even delete a post using an external application. This makes it easier for developers to manage and update their WordPress sites remotely.
Is XML-RPC secure to use in WordPress?
While XML-RPC provides a convenient way to manage your WordPress site remotely, it has been a target for hackers in the past. However, WordPress has taken steps to secure XML-RPC by implementing measures such as limiting the number of login attempts via XML-RPC. It’s also recommended to use plugins that can further secure XML-RPC or disable it when not in use.
How can I enable or disable XML-RPC in WordPress?
By default, XML-RPC is enabled in WordPress. However, if you want to disable it, you can use plugins like “Disable XML-RPC” or “XML-RPC Deactivated”. To enable it, simply deactivate these plugins. Always remember to backup your site before making such changes.
Can I use XML-RPC with other programming languages?
Yes, XML-RPC is language agnostic, meaning it can be used with any programming language that supports XML parsing and HTTP requests. This includes languages like Python, Java, PHP, and many more.
What are some common methods used in XML-RPC for WordPress?
Some common methods used in XML-RPC for WordPress include wp.getPosts (to retrieve posts), wp.newPost (to create a new post), wp.editPost (to edit an existing post), and wp.deletePost (to delete a post). These methods allow developers to manage their WordPress sites remotely.
How can I test XML-RPC functionality in WordPress?
You can test XML-RPC functionality in WordPress using various tools and libraries. For instance, you can use the “XML-RPC Client” tool to send requests to your WordPress site and view the responses.
What is the future of XML-RPC in WordPress?
The future of XML-RPC in WordPress is uncertain. With the introduction of the REST API in WordPress, many developers have started to shift towards it due to its more modern and flexible approach. However, XML-RPC is still supported and used by many developers.
Can I use XML-RPC to manage comments in WordPress?
Yes, you can use XML-RPC to manage comments in WordPress. Methods like wp.getComments allow you to retrieve comments, while methods like wp.newComment allow you to create new comments.
What are some alternatives to XML-RPC in WordPress?
One of the main alternatives to XML-RPC in WordPress is the REST API. The REST API is a more modern and flexible approach to remote communication with WordPress. It uses JSON instead of XML, which is easier to read and write.
Can I use XML-RPC to manage users in WordPress?
Yes, you can use XML-RPC to manage users in WordPress. Methods like wp.getUsers allow you to retrieve users, while methods like wp.newUser allow you to create new users.
Narayan PrustyNarayan is a web astronaut. He is the founder of QNimate. He loves teaching. He loves to share ideas. When not coding he enjoys playing football. You will often find him at QScutter classes.
