wordpress.conf disable xmlrpc service by default · digitalocean/nginxconfig.io#316

(5 留言) (0 反應) (0 負責人)JavaScript (26,979 star) (1,978 fork)batch import

enhancementgood first issuehacktoberfesthelp wanted

描述

Sorry for not following the template. It's a straightforward question.

By enabling "WordPress-specific rules", the following codes will be added to the wordpress.conf:

# WordPress: deny general stuff
location ~* ^/(?:xmlrpc\.php|wp-links-opml\.php|wp-config\.php|wp-config-sample\.php|readme\.html|license\.txt)$ {
    deny all;
}

However, this disables xmlrpc feature, which disables WordPress mobile and desktop applications to access the site.

Should we consider adding a notice or make it optional?

貢獻者指南

技術棧: javascript
領域: devops
議題類型: feature
難度: 2
預計時間: 1-3 hours
活動狀態: stale
清晰度: clear
前置要求: 無
新手友善度: 85
研究方向: Examine the existing wordpress.conf template in the project to understand where the XML RPC block rule is defined. Review the comments on the issue for any maintainer suggestions or concerns. Consider adding a checkbox in the WordPress configuration section to optionally disable XML RPC blocking, and update the template accordingly. Also, include a notice about the impact on mobile/desktop applications.