Disable XML-RPC by default #87
Comments
Username isn't a secret, so I wouldn't tamper with /wp-json/wp/v2/users. Just enforce strong passwords and rate limit logins?
Already done. What's next?
Force 2FA for administrators?
Related commit: dc35228
You can run this on your site to activate the settings:
Our plan is to have the settings above enabled on all new sites via the Seravo Plugin.
Made a pull request about disabling XML-RPC by default: Seravo/seravo-plugin#319
Closed via 32e12f8
Due to low usage and high risk, the time would be right to start shutting down the XML-RPC service by default on all new sites. Do it either via Nginx config rule or via the Seravo Plugin.
Also check if the JSON API user listing should be restricted by default as well.
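One way a must-use plugin could cover both items in the issue description above, shown as an added example: it is not code from the Seravo Plugin or the commits linked in this thread. The file name and the `EXAMPLE_RESTRICT_REST_USERS` constant are hypothetical; the user-listing restriction is opt-in because the thread does not settle whether it should be a default.

```php
<?php
/**
 * Hypothetical file: wp-content/mu-plugins/example-disable-xmlrpc.php
 * Added example, not the Seravo Plugin's implementation.
 */

// xmlrpc.php defines XMLRPC_REQUEST before it loads WordPress, so a
// must-use plugin can refuse the request before any XML-RPC method runs.
if ( defined( 'XMLRPC_REQUEST' ) && XMLRPC_REQUEST ) {
	status_header( 403 );
	header( 'Content-Type: text/plain; charset=utf-8' );
	exit( 'XML-RPC is disabled on this site.' );
}

// Defence in depth in case the early exit above is ever removed.
// 'xmlrpc_enabled' only switches off methods that require authentication;
// unauthenticated methods such as pingbacks stay available, so the method
// table is emptied as well.
add_filter( 'xmlrpc_enabled', '__return_false' );
add_filter( 'xmlrpc_methods', '__return_empty_array' );

// Stop advertising the XML-RPC endpoint in the page <head>.
remove_action( 'wp_head', 'rsd_link' );

// Optional: hide the REST user listing from anonymous visitors.
// Enabled only when wp-config.php sets the (hypothetical) constant:
//   define( 'EXAMPLE_RESTRICT_REST_USERS', true );
if ( defined( 'EXAMPLE_RESTRICT_REST_USERS' ) && EXAMPLE_RESTRICT_REST_USERS ) {
	add_filter(
		'rest_pre_dispatch',
		function ( $result, $server, $request ) {
			if ( null !== $result ) {
				return $result; // Another filter already answered the request.
			}
			$is_users_route = 0 === strpos( $request->get_route(), '/wp/v2/users' );
			if ( $is_users_route && ! is_user_logged_in() ) {
				return new WP_Error(
					'rest_user_listing_restricted',
					'Authentication is required to list users.',
					array( 'status' => rest_authorization_required_code() )
				);
			}
			return $result; // Logged-in users (e.g. the block editor) pass through.
		},
		10,
		3
	);
}
```

Any client that still talks to `xmlrpc.php` receives a 403 once this file is in place, so check for such clients before rolling it out to existing sites.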