XML-RPC pingbacks in WordPress can be frustrating when they don’t work as expected. This guide explains how pingbacks work, common reasons for failures, and step-by-step solutions to get them working between your WordPress sites.
How WordPress XML-RPC and Pingbacks Work
WordPress uses the xmlrpc.php file to handle remote procedure calls, including pingbacks. Here’s the basic workflow:
- Site A publishes a post linking to Site B
- Site A sends a pingback notification to Site B’s
xmlrpc.php - Site B verifies the link and creates a pingback comment
Common Reasons for Pingback Failures
If your pingbacks aren’t working between your WordPress sites, check these common issues:
1. XML-RPC is Disabled
Some hosts or security plugins disable XML-RPC. Test if it’s enabled:
curl -X POST -d "<?xml version='1.0'?><methodCall><methodName>demo.sayHello</methodName><params></params></methodCall>" https://yoursite.com/xmlrpc.php
You should get an XML response. If you get a 403 error, XML-RPC is blocked.
2. Pingbacks Disabled in WordPress Settings
Verify both sites have pingbacks enabled:
- Settings → Discussion → “Allow link notifications from other blogs (pingbacks and trackbacks)”
- The individual post must have pingbacks enabled
3. Firewall or Security Plugin Blocking
Plugins like Wordfence or iThemes Security may block XML-RPC requests. Check:
- Security plugin settings for XML-RPC restrictions
- Server firewall rules (mod_security, Cloudflare, etc.)
4. Domain or IP Restrictions
WordPress doesn’t restrict pingbacks by default, but these might interfere:
DISALLOW_UNFILTERED_HTMLin wp-config.php- DNS or hosting-level IP restrictions
- CORS policies if testing locally
How to Fix Pingback Issues
Solution 1: Enable XML-RPC
If disabled by a plugin, add to wp-config.php:
define('XMLRPC_REQUEST', true);
Solution 2: Bypass Security Restrictions
Temporarily disable security plugins and test. For Wordfence:
- Go to Wordfence → Firewall
- Click “Whitelisted URLs”
- Add
/xmlrpc.php
Solution 3: Manual Pingback Test
Send a manual pingback request to verify functionality:
curl -X POST -d "<?xml version='1.0'?><methodCall><methodName>pingback.ping</methodName><params><param><value><string>https://site1.com/post-url</string></value></param><param><value><string>https://site2.com/linked-post</string></value></param></params></methodCall>" https://site2.com/xmlrpc.php
Solution 4: Check Server Logs
Examine server error logs for blocked requests:
- Apache:
/var/log/apache2/error.log - Nginx:
/var/log/nginx/error.log
Advanced Troubleshooting
If pingbacks still fail:
- Test with the Pingback Tester plugin
- Verify both sites have valid, accessible domains (no localhost)
- Check that the linked URL exists and is publicly accessible
- Ensure no caching plugins are serving stale content
Security Considerations
While fixing pingbacks, be aware that XML-RPC can be abused for:
- Brute force attacks
- DDoS amplification
- Spam pingbacks
Recommended security measures:
// Limit XML-RPC to pingbacks only
add_filter('xmlrpc_methods', function($methods) {
return array('pingback.ping' => $methods['pingback.ping']);
});
With these troubleshooting steps, you should be able to identify and resolve your WordPress pingback issues. Remember to test after each change to isolate the problem.