wordpress: disable readme.html, xmlrpc.php, wp-cron.php

Closes: #2244.

This patch disabled xmlrpc.php functionality entirely. For interacting with
WordPress using an app, the new REST API functionality is recommended. However, for
the Pingback API XML-RPC is still a necessity. If this is an important feature
for FreedomBox users, we intend to re-enable XML-RPC functionality in WordPress.

Signed-off-by: nbenedek <contact@nbenedek.me>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
nbenedek 2022-08-22 20:46:19 +02:00 committed by Sunil Mohan Adapa
parent 43532e8349
commit f702e044f3

@ -54,3 +54,8 @@ Alias /wordpress /usr/share/wordpress
Require all granted
</IfFile>
</Directory>
# Harden security by following wpscan's suggestions. Issue #2244
<LocationMatch "^/wordpress/(readme.html|xmlrpc.php|wp-cron.php)">
Deny from All
</LocationMatch>
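
Review bot: `Deny from All` inside the new `<LocationMatch>` is the Apache 2.2 access-control directive, while the `<Directory>` block directly above already uses the 2.4 form `Require all granted`; use `Require all denied` here so the file stays on one authorization model and does not depend on mod_access_compat being loaded. The pattern in `<LocationMatch "^/wordpress/(readme.html|xmlrpc.php|wp-cron.php)">` also leaves the dots unescaped, so each `.` matches any character; writing them as `\.` keeps the match limited to the three intended files. The commit message explains the trade-off for xmlrpc.php but says nothing about wp-cron.php, so the comment above the block should state how WordPress scheduled tasks are expected to run once HTTP access to wp-cron.php is denied.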