Code PHP

What is a Dependency Injector

Sounds like a simple question, right? I have had this question a number of times, and I had to question myself. What is the actual definition of this term? I know I use this design pattern, but how do I put it in words? Turns out it is actually pretty simple.

A great quote I found is:

“Dependency Injection is where components are given their dependencies through their constructors, methods, or directly into fields.”

What does that mean? Take, for example, a user class that needs to use the session class. Instead of creating a new instance of the session within the user class, the session is created outside of the user class and then passed in via the constructor (or a method, or directly into fields).

I found this site did a good job of explaining it with examples


Disabling WordPress XMLRPC.php

One of the sites that we manage was getting a large amount of traffic to xmlrpc.php reported by It was causing the database connection to fall over and was bringing down the site. As we are not using this functionality on our site, we can assume this traffic is suspicious.

“XML-RPC is a simple, portable way to make remote procedure calls over HTTP. It can be used with Perl, Java, Python, C, C++, PHP and many other programming languages. Implementations are available for Unix, Windows and the Macintosh.”

A quick Google search also brings back a lot of results for WordPress XML-RPC exploits, including New Brute Force Attacks Exploiting XMLRPC in WordPress.

Since WordPress 3.5, XML-RPC has been enabled by default and can no longer be disabled via the admin. As the site was down, we wanted to get it back up and running. The easiest way to do this was to block all traffic to xmlrpc.php via .htaccess with the following code:

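# Refuse every request for xmlrpc.php (Apache 2.2 syntax).
# On Apache 2.4 without mod_access_compat, use "Require all denied" instead.
<Files "xmlrpc.php">
Order Allow,Deny
Deny from all
</Files>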

A bit of a search turned up a way to also disable the module. By simply adding the following to your theme's functions.php we are able to turn it off.

// In the theme's functions.php: make the 'xmlrpc_enabled' filter return false.
add_filter( 'xmlrpc_enabled', '__return_false' );

There is also a plugin for this, though all it does is the above. So if you don’t want heaps of plugins, just add the above code to your functions.php.

A quick restart of Apache to kick all the users, and traffic returned to normal.
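To confirm from the access log that xmlrpc.php was the source of the load and that the .htaccess block is being enforced, this added example (not from the original post) tallies xmlrpc.php requests per client IP and HTTP status. It assumes the Apache combined log format; the log lines, IP addresses and deployment time are constructed.

```python
import re
from collections import Counter
from datetime import datetime

TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
# Apache "combined" log line: host ident user [time] "METHOD path PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def xmlrpc_hits(lines, since=None):
    """Yield (ip, status) for each xmlrpc.php request, optionally only after `since`."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or non-request line
        path = m["path"].split("?", 1)[0]  # ignore any query string
        if not path.endswith("/xmlrpc.php"):
            continue
        when = datetime.strptime(m["ts"], TS_FMT)
        if since is None or when >= since:
            yield m["ip"], int(m["status"])

def summarize(lines, since=None):
    """Return (requests per client IP, requests per HTTP status)."""
    per_ip, per_status = Counter(), Counter()
    for ip, status in xmlrpc_hits(lines, since):
        per_ip[ip] += 1
        per_status[status] += 1
    return per_ip, per_status

def still_served(lines, since):
    """Count xmlrpc.php requests after `since` that were NOT refused with 403."""
    _, per_status = summarize(lines, since)
    return sum(n for code, n in per_status.items() if code != 403)

# Constructed sample (documentation IP ranges); block assumed deployed at 14:00.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2014:13:55:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"',
    '203.0.113.7 - - [10/Oct/2014:13:55:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"',
    '198.51.100.23 - - [10/Oct/2014:13:55:02 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "-"',
    '192.0.2.10 - - [10/Oct/2014:13:56:10 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2014:14:05:00 +0000] "POST /xmlrpc.php HTTP/1.1" 403 214 "-" "-"',
    '198.51.100.23 - - [10/Oct/2014:14:05:03 +0000] "POST /xmlrpc.php?x=1 HTTP/1.1" 403 214 "-" "-"',
]
BLOCK_DEPLOYED = datetime.strptime("10/Oct/2014:14:00:00 +0000", TS_FMT)

if __name__ == "__main__":
    per_ip, per_status = summarize(SAMPLE_LOG)
    print(per_ip.most_common(5), dict(per_status))
    print("served after block:", still_served(SAMPLE_LOG, BLOCK_DEPLOYED))
```

The `xmlrpc_enabled` filter runs inside WordPress, so those requests still reach PHP; the 403 check here verifies the `.htaccess` rule specifically.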

So unless you are using XML-RPC I recommend disabling it.


It appears XML-RPC can also be used to perform DoS attacks on old versions of WordPress.