You can totally swap out the class that runs the xmlrpc server. So create a subclass of wp_xmlrpc_server
, use it for the xmlrpc server class, and use all the protected methods you like.
Example (not tested, use with caution):
<?php
class WPSE69959_XMLRPC_Sever extends wp_xmlrpc_server
{
// override the constructor to add your own methods.
public function __construct()
{
add_filter('xmlrpc_methods', array(__CLASS__, '_add_methods'));
// call the parent constructor to set up the other methods
parent::__construct();
}
public static function _add_methods($methods)
{
$methods['say_hello_two'] = 'this:say_hello_two';
return $methods;
}
public function say_hello_two($args)
{
// do stuff with protected methods here!
}
}
// swap out the classes
add_filter('wp_xmlrpc_server_class', 'wpse69959_swap_class');
function wpse69959_swap_class($cls)
{
return 'WPSE69959_XMLRPC_Sever';
}
To answer your question, it’s protected because it’s meant to be an internal method. There would be no reason for someone outside the wp_xmlrpc_server
class to use that method, so there’s no reason for it to be public. Furthermore, the way it’s implemented may cause unintentional side effects (like an error being set/sent) if it was used by an untrusted source — eg. someone outside the wp_xmlrpc_server
class.