Open edjeavons opened 1 year ago
We have seen Search Console reporting 403 responses on /xmlrpc.php as a site error, which misleads website owners.
Perhaps we can look into discouraging robots on this path, or else give another HTTP response that doesn't have this side effect.
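Encountered XMLRPC being exploited for attempts to access authenticated methods, used the following to completely disable it:

```php
// Hook the filter WordPress uses to pick the XML-RPC server class.
add_filter('wp_xmlrpc_server_class', 'disable_wp_xmlrpc');

// End the request before any XML-RPC server is instantiated.
function disable_wp_xmlrpc($data) {
    exit('You dont have permission to access this file');
}
```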
At the moment we are using the xmlrpc_enabled filter to disable XML-RPC methods requiring authentication but ideally there would be an option to disable access to xmlrpc.php entirely so it can't be used for any purpose (inc. bruteforcing credentials).