wordpress.conf disable xmlrpc service by default #316

RebelliousWhiz · 2021-12-29T07:50:01Z

Sorry for not following the template. It's a straightforward question.

By enabling "WordPress-specific rules", the following codes will be added to the wordpress.conf:

# WordPress: deny general stuff
location ~* ^/(?:xmlrpc\.php|wp-links-opml\.php|wp-config\.php|wp-config-sample\.php|readme\.html|license\.txt)$ {
    deny all;
}

However, this disables xmlrpc feature, which disables WordPress mobile and desktop applications to access the site.

Should we consider adding a notice or make it optional?

The text was updated successfully, but these errors were encountered:

MattIPv4 · 2021-12-29T16:26:35Z

Hey! I think either would be a good solution here -- there should be patterns in the source already for showing warnings to a user, or a secondary toggle option would also be a good way to solve this.

RebelliousWhiz · 2021-12-29T18:52:49Z

Hi Matt! Considering most people using nginxconfig.io are noobs (I am a 100% noob also), I'd say it's better to have a secondary toggle option and add some comments.

For example:

[ ] Allow xmlrpc access

xmlrpc allows you to control WordPress sites by using WordPress applications or other plugins (like Jetpack) if you use them.

Regards,
Andy

MattIPv4 added enhancement good first issue help wanted hacktoberfest labels Dec 29, 2021

digitalocean deleted a comment from brownsmyrna54 Feb 7, 2022

digitalocean / nginxconfig.io Public

wordpress.conf disable xmlrpc service by default #316

wordpress.conf disable xmlrpc service by default #316

RebelliousWhiz commented Dec 29, 2021

MattIPv4 commented Dec 29, 2021

RebelliousWhiz commented Dec 29, 2021

Feb	MAR	Apr
	21
2021	2022	2023

digitalocean / nginxconfig.io Public

wordpress.conf disable xmlrpc service by default #316

wordpress.conf disable xmlrpc service by default #316

Comments

RebelliousWhiz commented Dec 29, 2021

MattIPv4 commented Dec 29, 2021

RebelliousWhiz commented Dec 29, 2021