wordpress.conf disable xmlrpc service by default · digitalocean/nginxconfig.io#316

(5 评论) (0 反应) (0 负责人)JavaScript (26,979 star) (1,978 fork)batch import

enhancementgood first issuehacktoberfesthelp wanted

描述

Sorry for not following the template. It's a straightforward question.

By enabling "WordPress-specific rules", the following codes will be added to the wordpress.conf:

# WordPress: deny general stuff
location ~* ^/(?:xmlrpc\.php|wp-links-opml\.php|wp-config\.php|wp-config-sample\.php|readme\.html|license\.txt)$ {
    deny all;
}

However, this disables xmlrpc feature, which disables WordPress mobile and desktop applications to access the site.

Should we consider adding a notice or make it optional?

贡献者指南

技术栈: javascript
领域: devops
议题类型: feature
难度: 2
预计时间: 1-3 hours
活动状态: stale
清晰度: clear
前置要求: 无
新手友好度: 85
研究方向: Examine the existing wordpress.conf template in the project to understand where the XML RPC block rule is defined. Review the comments on the issue for any maintainer suggestions or concerns. Consider adding a checkbox in the WordPress configuration section to optionally disable XML RPC blocking, and update the template accordingly. Also, include a notice about the impact on mobile/desktop applications.