digitalocean/nginxconfig.io

wordpress.conf disable xmlrpc service by default

Open

#316 opened on Dec 29, 2021

View on GitHub
 (5 comments) (0 reactions) (0 assignees)JavaScript (26,979 stars) (1,978 forks)batch import
enhancementgood first issuehacktoberfesthelp wanted

Description

Sorry for not following the template. It's a straightforward question.

By enabling "WordPress-specific rules", the following codes will be added to the wordpress.conf:

# WordPress: deny general stuff
location ~* ^/(?:xmlrpc\.php|wp-links-opml\.php|wp-config\.php|wp-config-sample\.php|readme\.html|license\.txt)$ {
    deny all;
}

However, this disables xmlrpc feature, which disables WordPress mobile and desktop applications to access the site.

Should we consider adding a notice or make it optional?

Contributor guide

Tech stack
javascript
Domain
devops
Issue type
feature
DifficultyEstimated implementation difficulty for a new contributor, from 1 for very small changes to 5 for expert-level work.
2
Estimated timeA rough time range for an experienced contributor to investigate, implement, test, and prepare a pull request.
1-3 hours
Activity statusHow available the issue appears right now: fresh, active, stale, blocked, or waiting on maintainer input.
stale
ClarityHow clearly the issue explains the expected change, acceptance criteria, and next step.
clear
Prerequisites
None
Newbie friendlinessA 1-100 score estimating how approachable this issue is for first-time contributors.
85
Research direction
Examine the existing wordpress.conf template in the project to understand where the XML RPC block rule is defined. Review the comments on the issue for any maintainer suggestions or concerns. Consider adding a checkbox in the WordPress configuration section to optionally disable XML RPC blocking, and update the template accordingly. Also, include a notice about the impact on mobile/desktop applications.
wordpress.conf disable xmlrpc service by default · digitalocean/nginxconfig.io#316 | Good First Issue