nginxconfig.io icon indicating copy to clipboard operation
nginxconfig.io copied to clipboard

Published 20 hours ago verified publisher icon digitalocean

wordpress.conf disable xmlrpc service by default

Open RebelliousWhiz opened this issue 3 years ago • 2 comments

Sorry for not following the template. It's a straightforward question.

By enabling "WordPress-specific rules", the following codes will be added to the wordpress.conf:

# WordPress: deny general stuff
location ~* ^/(?:xmlrpc\.php|wp-links-opml\.php|wp-config\.php|wp-config-sample\.php|readme\.html|license\.txt)$ {
    deny all;
}

However, this disables xmlrpc feature, which disables WordPress mobile and desktop applications to access the site.

Should we consider adding a notice or make it optional?

RebelliousWhiz avatar Dec 29 '21 07:12 RebelliousWhiz

Hey! I think either would be a good solution here -- there should be patterns in the source already for showing warnings to a user, or a secondary toggle option would also be a good way to solve this.

MattIPv4 avatar Dec 29 '21 16:12 MattIPv4

Hi Matt! Considering most people using nginxconfig.io are noobs (I am a 100% noob also), I'd say it's better to have a secondary toggle option and add some comments.

For example:

[ ] Allow xmlrpc access

  • xmlrpc allows you to control WordPress sites by using WordPress applications or other plugins (like Jetpack) if you use them.

Regards, Andy

RebelliousWhiz avatar Dec 29 '21 18:12 RebelliousWhiz