wordpress.conf disable xmlrpc service by default · digitalocean/nginxconfig.io#316

(5 comments) (0 reactions) (0 assignees)JavaScript (26,979 stars) (1,978 forks)batch import

enhancementgood first issuehacktoberfesthelp wanted

説明

Sorry for not following the template. It's a straightforward question.

By enabling "WordPress-specific rules", the following codes will be added to the wordpress.conf:

# WordPress: deny general stuff
location ~* ^/(?:xmlrpc\.php|wp-links-opml\.php|wp-config\.php|wp-config-sample\.php|readme\.html|license\.txt)$ {
    deny all;
}

However, this disables xmlrpc feature, which disables WordPress mobile and desktop applications to access the site.

Should we consider adding a notice or make it optional?

コントリビューターガイド

技術スタック: javascript
領域: devops
Issue 種別: feature
難度: 2
推定時間: 1-3 hours
活動状況: stale
明確さ: clear
前提条件: なし
初心者向け度: 85
調査方針: Examine the existing wordpress.conf template in the project to understand where the XML RPC block rule is defined. Review the comments on the issue for any maintainer suggestions or concerns. Consider adding a checkbox in the WordPress configuration section to optionally disable XML RPC blocking, and update the template accordingly. Also, include a notice about the impact on mobile/desktop applications.