Wordpress nginx conf

Support apps
, ,
1

What app is this about, and its version: Wordpress
What YunoHost version are you running: 12.1.39
What type of hardware are you using: Old laptop or computer

Describe your issue

Intending to block access to xmlrpc.php using nginx, I figured that the file at the root location website.com/xmlrpc.php is still exposed, despite

location / {
       # [...]

       # Deny public access to xmlrpc.php
       location ~* xmlrpc.php {
              deny all;
              return 403;
       }
}

in /etc/nginx/conf.d/website.com.d/wordpress.conf (see the template). I have to do more research regarding nginx, but would like to solve this quickly for my live site, thus this post. What I see, is that the inclusion of the wordpress.conf file is only stated in the server-block listening to 443 and not in the server-block listening to 80 (see server.tld.conf template). For a reason that I ignore the file is also reachable via https://website.com/xmlrpc.php – maybe someone could give me some insights into the rationale behind the current wordpress nginx configuration.

Share relevant logs or error messages

None

Persistent configuration change with regen-conf hook
2

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.