Skip to content Skip to sidebar Skip to footer
Reading Time: 3 minutes

Today I’m going to show how to remotely publish post using xml-rpc of the wordpress.This is actually very simple and powerful.If you want to publish posts or pages without log into the wordpress admin panel you can use this method.First we’ll consider what is this XML-RPC and it’s usages.

What is this XML-RPC?

XML-RPC is a protocol for remote process calls which makes use of XML for the data exchange and it principally makes use of HTTP for the actual call.
In XML-RPC the client that wishes to make a call to a remote technique the input parameters in the form of XML and sends it through an HTTP request to a remote server implementing the XML-RPC protocol.
The distant/remote server implementing the XML-RPC protocol will get the request after which performs the remote technique and returns the end result again in XML format.
You can find more information from XML-RPC WordPress API

Advantages and Usages of XML-RPC

WordPress XML-RPC server supports multiple types on APIs for XML-RPC. Following are the types of APIs that WordPress XML-RPC server supports:

  • WordPress API
  • Blogger API
  • MetaWeblog API
  • MovableType API
  • PingBack API


  • Get post or posts details
  • Add new post or multiple posts
  • Edit posts
  • Delete posts
  • Get posts types
  • Get post formats
  • Get post status list

Disadvantages of XML-RPC

Hackers can attack to your site using this class-wp-xmlrpc-server.php file to access the web site.So you must add security settings to prevent that.Mostly,

  • Hijacks your website without your knowledge
  • Uses your site for a DDoS attack
  • Potentially gets your domain labelled as a spammer

How to stop that?

You can Add a filter to functions.php,prevent access to XMLRPC.php using .htaccess,use a plugin for this.We’ll talk about this in next post.
Enough.Let’s see how to remotely publish post using XML-RPC.
First of all you must enable the XML-RPC in WordPress.

Enable XML-RPC in WordPress 3.4 and below

Due to the security reasons in WordPress versions 3.4 and below, XML-RPC has been disabled by default.
To enable XML–RPC:
1-Log into your WordPress Admin panel.
2-On the sidebar, select Settings and then Writing
3-Check the box next to XML-RPC
Enable XML-RPC in WordPress
4-Save your settings

Enable XML-RPC in WordPress 3.5 and new versions

WordPress has resolved the security issues related to XML–RPC and it is enabled by default. You do not need to do anything to publish to your WordPress blog remotely.

How to remotely publish post using XML-RPC?

I’ll write the function here to do this.Then you can send parameters to it.

// This will publish the posts.
function publish_post_xmlrpc($request,$BLOGURL) {
		//Initializing CURL
		$ch = curl_init();
		//The URL to be downloaded is set
		curl_setopt($ch, CURLOPT_URL, $BLOGURL."/xmlrpc.php");
		curl_setopt($ch, CURLOPT_HEADER, false);
		curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: text/xml"));
		curl_setopt($ch, CURLOPT_POSTFIELDS, $request);
		curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); // this will return the post id
		//Now execute the CURL, download the URL specified
		$response = curl_exec($ch);
 		$response = xmlrpc_decode($response);
		if(isset($response)) {
			return $response;
// Site url only.NOT the sitelogin url
// post details
$title = 'This is remote post title';
$description  = 'Remote post contents is goes here';
//Forming the content of blog post
$content['title'] = $title;
$content['description'] = $description;
$content['categories'] = array(1);
// category id.You can send category ids as array
$content['post_status'] = 'publish'; // publish | pending | draft
// process begin
$toPublish = true;//Whether the post has to be published
$request = xmlrpc_encode_request("metaWeblog.newPost",array(0,$USERNAME, $PASSWORD, $content, true));
// call to the remote function
$postID = publish_post_xmlrpc($request,$BLOGURL); // return the post id

Further, I’ll show the main xml-rpc function to identify what are the functions we can use there.

function wp_xmlrpc_server() {
    $this->methods = array(
        // WordPress API
        'wp.getUsersBlogs'      => 'this:wp_getUsersBlogs',
        'wp.getPage'            => 'this:wp_getPage',
        'wp.getPages'           => 'this:wp_getPages',
        'wp.newPage'            => 'this:wp_newPage',
        'wp.deletePage'         => 'this:wp_deletePage',
        'wp.editPage'           => 'this:wp_editPage',
        'wp.getPageList'        => 'this:wp_getPageList',
        'wp.getAuthors'         => 'this:wp_getAuthors',
        'wp.getCategories'      => 'this:mw_getCategories',      // Alias
        'wp.getTags'            => 'this:wp_getTags',
        'wp.newCategory'        => 'this:wp_newCategory',
        'wp.deleteCategory'     => 'this:wp_deleteCategory',
        'wp.suggestCategories'  => 'this:wp_suggestCategories',
        'wp.uploadFile'         => 'this:mw_newMediaObject', // Alias
        'wp.getCommentCount'    => 'this:wp_getCommentCount',
        'wp.getPostStatusList'  => 'this:wp_getPostStatusList',
        'wp.getPageStatusList'  => 'this:wp_getPageStatusList',
        'wp.getPageTemplates'   => 'this:wp_getPageTemplates',
        'wp.getOptions'         => 'this:wp_getOptions',
        'wp.setOptions'         => 'this:wp_setOptions',
        'wp.getComment'         => 'this:wp_getComment',
        'wp.getComments'        => 'this:wp_getComments',
        'wp.deleteComment'      => 'this:wp_deleteComment',
        'wp.editComment'        => 'this:wp_editComment',
        'wp.newComment'         => 'this:wp_newComment',
        'wp.getCommentStatusList' => 'this:wp_getCommentStatusList',
        'wp.getMediaItem'       => 'this:wp_getMediaItem',
        'wp.getMediaLibrary'    => 'this:wp_getMediaLibrary',
        'wp.getPostFormats'     => 'this:wp_getPostFormats',
        // Blogger API
        'blogger.getUsersBlogs' => 'this:blogger_getUsersBlogs',
        'blogger.getUserInfo' => 'this:blogger_getUserInfo',
        'blogger.getPost' => 'this:blogger_getPost',
        'blogger.getRecentPosts' => 'this:blogger_getRecentPosts',
        'blogger.getTemplate' => 'this:blogger_getTemplate',
        'blogger.setTemplate' => 'this:blogger_setTemplate',
        'blogger.newPost' => 'this:blogger_newPost',
        'blogger.editPost' => 'this:blogger_editPost',
        'blogger.deletePost' => 'this:blogger_deletePost',
        // MetaWeblog API (with MT extensions to structs)
        'metaWeblog.newPost' => 'this:mw_newPost',
        'metaWeblog.editPost' => 'this:mw_editPost',
        'metaWeblog.getPost' => 'this:mw_getPost',
        'metaWeblog.getRecentPosts' => 'this:mw_getRecentPosts',
        'metaWeblog.getCategories' => 'this:mw_getCategories',
        'metaWeblog.newMediaObject' => 'this:mw_newMediaObject',
        // MetaWeblog API aliases for Blogger API
        // see$2460
        'metaWeblog.deletePost' => 'this:blogger_deletePost',
        'metaWeblog.getTemplate' => 'this:blogger_getTemplate',
        'metaWeblog.setTemplate' => 'this:blogger_setTemplate',
        'metaWeblog.getUsersBlogs' => 'this:blogger_getUsersBlogs',
        // MovableType API
        'mt.getCategoryList' => 'this:mt_getCategoryList',
        'mt.getRecentPostTitles' => 'this:mt_getRecentPostTitles',
        'mt.getPostCategories' => 'this:mt_getPostCategories',
        'mt.setPostCategories' => 'this:mt_setPostCategories',
        'mt.supportedMethods' => 'this:mt_supportedMethods',
        'mt.supportedTextFilters' => 'this:mt_supportedTextFilters',
        'mt.getTrackbackPings' => 'this:mt_getTrackbackPings',
        'mt.publishPost' => 'this:mt_publishPost',
        // PingBack
        '' => 'this:pingback_ping',
        'pingback.extensions.getPingbacks' => 'this:pingback_extensions_getPingbacks',
        'demo.sayHello' => 'this:sayHello',
        'demo.addTwoNumbers' => 'this:addTwoNumbers'

That’s all.Hope you understand well. Happy coding. 🙂