# Security
Harden a WordPress application: block XML-RPC, block PHP execution in uploads, and verify core file checksums.
Requires the WordPress Toolkit add-on.
# Toggle XML-RPC
Block or allow xmlrpc.php at the web server level.
# HTTP Request:
PATCH https://api.serveravatar.com/organizations/{organization}/servers/{server}/applications/{application}/wordpress-toolkit/xmlrpc/toggle
# Parameter:
| Parameter | Required | Type | Description |
|---|---|---|---|
| action | Yes | String | enable to block XML-RPC; disable to allow |
# Toggle PHP Execution in Uploads
Block or allow PHP execution under wp-content/uploads.
# HTTP Request:
PATCH https://api.serveravatar.com/organizations/{organization}/servers/{server}/applications/{application}/wordpress-toolkit/php-execution-upload-directory/toggle
# Parameter:
| Parameter | Required | Type | Description |
|---|---|---|---|
| action | Yes | String | enable to block PHP in uploads; disable to allow |
# Verify Core Checksums
Compare installed WordPress core files against official release checksums.
# HTTP Request:
GET https://api.serveravatar.com/organizations/{organization}/servers/{server}/applications/{application}/wordpress-toolkit/checksums/verify
# Curl Request Example:
curl --request GET \
--url "https://api.serveravatar.com/organizations/5/servers/15/applications/93/wordpress-toolkit/checksums/verify" \
--header 'content-type: application/json' \
--header 'Authorization: <YOUR API TOKEN>'
# Response:
# Successful Response
- 200 (Ok)
{
"response": {
"output": "",
"status": "success"
}
}
The response object lists files that do not match official checksums, if any.