{"id":20742699,"url":"https://github.com/itinerisltd/trellis-disable-xml-rpc","last_synced_at":"2025-04-24T05:16:12.226Z","repository":{"id":94987524,"uuid":"146540720","full_name":"ItinerisLtd/trellis-disable-xml-rpc","owner":"ItinerisLtd","description":"Disable WordPress XML RPC on Trellis sites","archived":false,"fork":false,"pushed_at":"2018-09-06T01:04:25.000Z","size":14,"stargazers_count":16,"open_issues_count":0,"forks_count":0,"subscribers_count":11,"default_branch":"master","last_synced_at":"2025-04-24T05:15:54.593Z","etag":null,"topics":["ansible-galaxy","security","trellis","wordpress","xml-rpc"],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ItinerisLtd.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-08-29T03:36:00.000Z","updated_at":"2023-02-13T05:57:40.000Z","dependencies_parsed_at":"2023-03-22T00:04:15.546Z","dependency_job_id":null,"html_url":"https://github.com/ItinerisLtd/trellis-disable-xml-rpc","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ItinerisLtd%2Ftrellis-disable-xml-rpc","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ItinerisLtd%2Ftrellis-disable-xml-rpc/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ItinerisLtd%2Ftrellis-disable-xml-rpc/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ItinerisLtd%2Ftrellis-disabl
e-xml-rpc/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ItinerisLtd","download_url":"https://codeload.github.com/ItinerisLtd/trellis-disable-xml-rpc/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250566511,"owners_count":21451234,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible-galaxy","security","trellis","wordpress","xml-rpc"],"created_at":"2024-11-17T07:07:05.394Z","updated_at":"2025-04-24T05:16:12.220Z","avatar_url":"https://github.com/ItinerisLtd.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# trellis-disable-xml-rpc\n\n[![GitHub tag](https://img.shields.io/github/tag/ItinerisLtd/trellis-disable-xml-rpc.svg)](https://github.com/ItinerisLtd/trellis-disable-xml-rpc/tags)\n[![license](https://img.shields.io/github/license/ItinerisLtd/trellis-disable-xml-rpc.svg)](https://github.com/ItinerisLtd/trellis-disable-xml-rpc/blob/master/LICENSE)\n\n\nDisable [WordPress XML-RPC](https://codex.wordpress.org/XML-RPC_Support) on [Trellis](https://roots.io/trellis/) sites.\n\n\u003c!-- START doctoc generated TOC please keep comment here to allow auto update --\u003e\n\u003c!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE --\u003e\n\n\n- [Goal](#goal)\n- [Why disable WordPress XML-RPC?](#why-disable-wordpress-xml-rpc)\n- [Requirements](#requirements)\n- [Installation](#installation)\n- [Known Issues](#known-issues)\n  - [Incompatible Plugins](#incompatible-plugins)\n- [FAQs](#faqs)\n  - [Can I use this on managed 
hosting?](#can-i-use-this-on-managed-hosting)\n  - [It looks awesome. Where can I find some more goodies like this?](#it-looks-awesome-where-can-i-find-some-more-goodies-like-this)\n  - [This isn't on wp.org. Where can I give a ⭐️⭐️⭐️⭐️⭐️ review?](#this-isnt-on-wporg-where-can-i-give-a-%EF%B8%8F%EF%B8%8F%EF%B8%8F%EF%B8%8F%EF%B8%8F-review)\n- [Testing](#testing)\n  - [Syntax Check](#syntax-check)\n- [Author Information](#author-information)\n- [Feedback](#feedback)\n- [Change log](#change-log)\n- [License](#license)\n\n\u003c!-- END doctoc generated TOC please keep comment here to allow auto update --\u003e\n\n## Goal\n\nDeny all requests to [WordPress XML-RPC](https://codex.wordpress.org/XML-RPC_Support) (i.e. `/wp/xmlrpc.php`) at the Nginx level.\n\n## Why disable WordPress XML-RPC?\n\n- [Kinsta: What is WordPress XML-RPC and How To Stop an Attack](http://bit.ly/kinsta-xml-rpc)\n- [WPMU DEV: XML-RPC and Why It’s Time to Remove it for WordPress Security](http://bit.ly/2C8TYtt)\n- [Sucuri: New Brute Force Attacks Exploiting XMLRPC in WordPress](http://bit.ly/2NwgQnX)\n- [Incapsula: WordPress Default Leaves Millions of Sites Exploitable for DDoS Attacks](http://bit.ly/2wtbpP6)\n- [LittleBizzy: How (And Why) To Disable WordPress XML-RPC](http://bit.ly/2LARmUr)\n\n## Requirements\n\n- Trellis [17c26fc](https://github.com/roots/trellis/commit/17c26fc9eb5fe0d427195124e8adc91a73380503) or later\n- Ansible v2.6 or later\n\n## Installation\n\nAdd this role to `requirements.yml`:\n\n```yaml\n# requirements.yml\n- src: https://github.com/ItinerisLtd/trellis-disable-xml-rpc\n  version: 0.2.0 # Check for latest version!\n```\n\nRun the command:\n\n```bash\n➜ ansible-galaxy install -r requirements.yml --force\n```\n\nAdd the role into `dev.yml` and `server.yml`, immediately after `role: wordpress-setup`:\n\n```yaml\nroles:\n  # Some other Trellis roles ...\n  - { role: wordpress-setup, tags: [wordpress, wordpress-setup, letsencrypt] }\n  - { role: trellis-disable-xml-rpc, tags: [nginx, 
wordpress, wordpress-setup] }\n  # Some other Trellis roles ...\n```\n\nThen, re-provision as usual:\n\n```bash\n# https://roots.io/trellis/docs/local-development-setup/\n➜ vagrant reload --provision\n\n# https://roots.io/trellis/docs/remote-server-setup/\n➜ ansible-playbook server.yml -e env=\u003cenvironment\u003e\n```\n\n## Known Issues\n\n### Incompatible Plugins\n\nUnfortunately, some plugins still rely on [WordPress XML-RPC](https://codex.wordpress.org/XML-RPC_Support):\n\n- [Jetpack](https://jetpack.com/support/getting-started-with-jetpack/troubleshooting-tips/)\n\n## FAQs\n\n### Can I use this on managed hosting?\n\nNo, you can't use this on managed hosting such as [Kinsta](http://bit.ly/kinsta-com) or [WP Engine](https://typist.tech/go/wp-engine).\n\nYou can disable WordPress XML-RPC by filters:\n\n- [xmlrpc_enabled](https://developer.wordpress.org/reference/hooks/xmlrpc_enabled/) - The name is [misleading](https://developer.wordpress.org/reference/hooks/xmlrpc_enabled/#description)!\n- [xmlrpc_methods](https://developer.wordpress.org/reference/hooks/xmlrpc_methods/)\n- [xmlrpc_element_limit](https://developer.wordpress.org/reference/hooks/xmlrpc_element_limit/)\n\nOr, just use our plugin - [itineris-disable-xml-rpc](https://github.com/ItinerisLtd/itineris-disable-xml-rpc)\n\n### It looks awesome. Where can I find some more goodies like this?\n\n- Articles on [Itineris' blog](https://www.itineris.co.uk/blog/)\n- More projects on [Itineris' GitHub profile](https://github.com/itinerisltd)\n- Follow [@itineris_ltd](https://twitter.com/itineris_ltd) and [@TangRufus](https://twitter.com/tangrufus) on Twitter\n- Hire [Itineris](https://www.itineris.co.uk/services/) to build your next awesome site\n\n### This isn't on wp.org. Where can I give a ⭐️⭐️⭐️⭐️⭐️ review?\n\nThanks! Glad you like it. It's important to make my boss know somebody is using this project. 
Instead of giving reviews on wp.org, consider:\n\n- tweet something good mentioning [@itineris_ltd](https://twitter.com/itineris_ltd)\n- star this GitHub repo\n- watch this GitHub repo\n- write blog posts\n- submit pull requests\n- [hire Itineris](https://www.itineris.co.uk/services/)\n\n## Testing\n\n### Syntax Check\n\n```bash\n➜ ansible-playbook -i 'localhost,' --syntax-check tests/test.yml\n```\n\n## Author Information\n\n[trellis-disable-xml-rpc](https://github.com/ItinerisLtd/trellis-disable-xml-rpc) is an [Itineris Limited](https://www.itineris.co.uk/) project created by [Tang Rufus](https://typist.tech).\n\nSpecial thanks to [the Roots team](https://roots.io/about/) whose [Trellis](https://github.com/roots/trellis) makes this project possible.\n\nThe full list of contributors can be found [here](https://github.com/ItinerisLtd/trellis-disable-xml-rpc/graphs/contributors).\n\n## Feedback\n\n**Please provide feedback!** We want to make this library useful in as many projects as possible.\nPlease submit an [issue](https://github.com/ItinerisLtd/trellis-disable-xml-rpc/issues/new) and point out what you do and don't like, or fork the project and make suggestions.\n**No issue is too small.**\n\n## Change log\n\nPlease see [CHANGELOG](./CHANGELOG.md) for more information on what has changed recently.\n\n## License\n\n[trellis-disable-xml-rpc](https://github.com/ItinerisLtd/trellis-disable-xml-rpc) is released under the [MIT License](https://opensource.org/licenses/MIT).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fitinerisltd%2Ftrellis-disable-xml-rpc","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fitinerisltd%2Ftrellis-disable-xml-rpc","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fitinerisltd%2Ftrellis-disable-xml-rpc/lists"}