PLANET-5509 Disable xmlrpc

greenpeace / planet4

Built on top of Wordpress tech, Greenpeace Planet 4 powers digital platforms to engage with millions and win campaigns around the world.

https://planet4.greenpeace.org

Creative Commons Attribution Share Alike 4.0 International

66 stars 27 forks source link

PLANET-5509 Disable xmlrpc #101

Closed planet-4 closed 3 years ago

planet-4 commented 3 years ago

xmlrpc is enabled in all of our instances (is enabled by default in WP). We probably don't rely on that anywhere in our code and it's safe to disable it. Having this enabled is a target for brute-force attacks.

Tasks

Investigate if disabling it has any side effects.
Disable it preferably through code (not plugin, but maybe check its code).

Reporter: nroussos
Sections: Security

Potentially affected repositories: planet4-master-theme

mleray commented 3 years ago

Solved with https://github.com/greenpeace/planet4-master-theme/pull/1289