wordpress xmlrpc settings

2022-08-24 09:45:01 +00:00 · 2022-08-24 09:45:01 +00:00 · 6e062e3f0e
parent e95e615c18
commit 6e062e3f0e
3 changed files with 30 additions and 1 deletions
--- a/src/nginxconfig/generators/conf/wordpress.conf.js
+++ b/src/nginxconfig/generators/conf/wordpress.conf.js
@ -54,10 +54,17 @@ export default (global, domain) => {
    };

    config['# WordPress: deny general stuff'] = '';
-    config['location ~* ^/(?:xmlrpc\\.php|wp-links-opml\\.php|wp-config\\.php|wp-config-sample\\.php|readme\\.html|license\\.txt)$'] = {
+    config['location ~* ^/(?:wp-links-opml\\.php|wp-config\\.php|wp-config-sample\\.php|readme\\.html|license\\.txt)$'] = {
        deny: 'all',
    };

+    if(global.security.wpDisableXmlrpc.computed){
+        config["# Wordpress: deny xmlrpc, required for mobile and desktop apps"] = ''
+        config['location ~* ^/(?:xmlrpc\\.php)$'] = {
+            deny:'all'
+        }
+    }
+
    if (global.security.limitReq.computed) {
        config['# WordPress: throttle wp-login.php'] = '';
        config['location = /wp-login.php'] = {
--- a/src/nginxconfig/templates/global_sections/security.vue
+++ b/src/nginxconfig/templates/global_sections/security.vue
@ -121,6 +121,23 @@ THE SOFTWARE.
            </div>
        </div>

+        <div class="field is-horizontal">
+            <div class="field-label">
+                <label class="label">disable xmlrc</label>
+            </div>
+            <div class="field-body">
+                <div class="field">
+                    <div :class="`control${wpDisableXmlrpc ? ' is-changed' : ''}`">
+                        <div class="checkbox">
+                            <PrettyCheck v-model="wpDisableXmlrpc" class="p-default p-curve p-fill p-icon">
+                                {{ $t('common.enable') }}
+                            </PrettyCheck>
+                        </div>
+                    </div>
+                </div>
+            </div>
+        </div>
+
        <div class="field is-horizontal">
            <div class="field-label">
                <label class="label">security.txt</label>
@ -191,6 +208,10 @@ THE SOFTWARE.
            default: false,
            enabled: true,
        },
+        wpDisableXmlrpc:{
+            default: true,
+            enabled: true,
+        },
        limitReq: {
            default: false,
            enabled: true,
--- a/src/nginxconfig/util/angular_backwards_compatibility.js
+++ b/src/nginxconfig/util/angular_backwards_compatibility.js
@ -39,6 +39,7 @@ const globalMap = {
    content_security_policy:    ['security', 'contentSecurityPolicy'],
    server_tokens:              ['security', 'serverTokens', oldBool],
    limit_req:                  ['security', 'limitReq', oldBool],
+    wp_disable_xmlrpc:          ['security','wpDisableXmlrpc', oldBool],

    php_server:                 ['php', 'phpServer'],
    php_server_backup:          ['php', 'phpBackupServer'],