├── .github_changelog_generator
├── CHANGELOG.md
├── LICENSE
├── README.md
├── defaults
│   └── main.yml
├── meta
│   └── main.yml
├── tasks
│   └── main.yml
├── templates
│   └── disable-xml-rpc.conf.j2
└── tests
    └── test.yml

/.github_changelog_generator:
--------------------------------------------------------------------------------
unreleased=true
future-release=0.1.0
--------------------------------------------------------------------------------

/CHANGELOG.md:
--------------------------------------------------------------------------------
# Change Log

\* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)*
--------------------------------------------------------------------------------

/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2018 Itineris Limited

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
--------------------------------------------------------------------------------

/README.md:
--------------------------------------------------------------------------------
# trellis-disable-xml-rpc

[![GitHub tag](https://img.shields.io/github/tag/ItinerisLtd/trellis-disable-xml-rpc.svg)](https://github.com/ItinerisLtd/trellis-disable-xml-rpc/tags)
[![license](https://img.shields.io/github/license/ItinerisLtd/trellis-disable-xml-rpc.svg)](https://github.com/ItinerisLtd/trellis-disable-xml-rpc/blob/master/LICENSE)

Disable [WordPress XML-RPC](https://codex.wordpress.org/XML-RPC_Support) on [Trellis](https://roots.io/trellis/) sites.

- [Goal](#goal)
- [Why disable WordPress XML-RPC?](#why-disable-wordpress-xml-rpc)
- [Requirements](#requirements)
- [Installation](#installation)
- [Known Issues](#known-issues)
  - [Incompatible Plugins](#incompatible-plugins)
- [FAQs](#faqs)
  - [Can I use this on managed hosting?](#can-i-use-this-on-managed-hosting)
  - [It looks awesome. Where can I find some more goodies like this?](#it-looks-awesome-where-can-i-find-some-more-goodies-like-this)
  - [This isn't on wp.org. Where can I give a ⭐️⭐️⭐️⭐️⭐️ review?](#this-isnt-on-wporg-where-can-i-give-a-%EF%B8%8F%EF%B8%8F%EF%B8%8F%EF%B8%8F%EF%B8%8F-review)
- [Testing](#testing)
  - [Syntax Check](#syntax-check)
- [Author Information](#author-information)
- [Feedback](#feedback)
- [Change log](#change-log)
- [License](#license)

## Goal

Deny all requests to [WordPress XML-RPC](https://codex.wordpress.org/XML-RPC_Support) (i.e. `/wp/xmlrpc.php`) at the Nginx level, before they reach PHP.

## Why disable WordPress XML-RPC?

- [Kinsta: What is WordPress XML-RPC and How To Stop an Attack](http://bit.ly/kinsta-xml-rpc)
- [WPMU DEV: XML-RPC and Why It's Time to Remove it for WordPress Security](http://bit.ly/2C8TYtt)
- [Sucuri: New Brute Force Attacks Exploiting XMLRPC in WordPress](http://bit.ly/2NwgQnX)
- [Incapsula: WordPress Default Leaves Millions of Sites Exploitable for DDoS Attacks](http://bit.ly/2wtbpP6)
- [LittleBizzy: How (And Why) To Disable WordPress XML-RPC](http://bit.ly/2LARmUr)

## Requirements

- Trellis [17c26fc](https://github.com/roots/trellis/commit/17c26fc9eb5fe0d427195124e8adc91a73380503) or later
- Ansible v2.6 or later

## Installation

Add this role to `requirements.yml`:

```yaml
# requirements.yml
- src: https://github.com/ItinerisLtd/trellis-disable-xml-rpc
  version: 0.2.0 # Check for latest version!
```

Run the command:

```bash
➜ ansible-galaxy install -r requirements.yml --force
```

Add the role into `dev.yml` and `server.yml`, immediately after `role: wordpress-setup`:

```yaml
roles:
  # Some other Trellis roles ...
  - { role: wordpress-setup, tags: [wordpress, wordpress-setup, letsencrypt] }
  - { role: trellis-disable-xml-rpc, tags: [nginx, wordpress, wordpress-setup] }
  # Some other Trellis roles ...
```

Then, re-provision as usual:

```bash
# https://roots.io/trellis/docs/local-development-setup/
➜ vagrant reload --provision

# https://roots.io/trellis/docs/remote-server-setup/
➜ ansible-playbook server.yml -e env=
```

## Known Issues

### Incompatible Plugins

Unfortunately, some plugins still rely on [WordPress XML-RPC](https://codex.wordpress.org/XML-RPC_Support) and will stop working once it is blocked:

- [Jetpack](https://jetpack.com/support/getting-started-with-jetpack/troubleshooting-tips/)

## FAQs

### Can I use this on managed hosting?

No, you can't use this on managed hosting such as [Kinsta](http://bit.ly/kinsta-com) or [WP Engine](https://typist.tech/go/wp-engine), because it needs control over the Nginx configuration.

There, you can disable WordPress XML-RPC with filters instead:

- [xmlrpc_enabled](https://developer.wordpress.org/reference/hooks/xmlrpc_enabled/) - The name is [misleading](https://developer.wordpress.org/reference/hooks/xmlrpc_enabled/#description)!
- [xmlrpc_methods](https://developer.wordpress.org/reference/hooks/xmlrpc_methods/)
- [xmlrpc_element_limit](https://developer.wordpress.org/reference/hooks/xmlrpc_element_limit/)

Or, just use our plugin - [itineris-disable-xml-rpc](https://github.com/ItinerisLtd/itineris-disable-xml-rpc)

### It looks awesome. Where can I find some more goodies like this?

- Articles on [Itineris' blog](https://www.itineris.co.uk/blog/)
- More projects on [Itineris' GitHub profile](https://github.com/itinerisltd)
- Follow [@itineris_ltd](https://twitter.com/itineris_ltd) and [@TangRufus](https://twitter.com/tangrufus) on Twitter
- Hire [Itineris](https://www.itineris.co.uk/services/) to build your next awesome site

### This isn't on wp.org. Where can I give a ⭐️⭐️⭐️⭐️⭐️ review?

Thanks! Glad you like it. It's important to let my boss know somebody is using this project.
Instead of giving reviews on wp.org, consider:

- tweeting something good mentioning [@itineris_ltd](https://twitter.com/itineris_ltd)
- starring this GitHub repo
- watching this GitHub repo
- writing blog posts
- submitting pull requests
- [hiring Itineris](https://www.itineris.co.uk/services/)

## Testing

### Syntax Check

```bash
➜ ansible-playbook -i 'localhost,' --syntax-check tests/test.yml
```

## Author Information

[trellis-disable-xml-rpc](https://github.com/ItinerisLtd/trellis-disable-xml-rpc) is an [Itineris Limited](https://www.itineris.co.uk/) project created by [Tang Rufus](https://typist.tech).

Special thanks to [the Roots team](https://roots.io/about/), whose [Trellis](https://github.com/roots/trellis) makes this project possible.

The full list of contributors can be found [here](https://github.com/ItinerisLtd/trellis-disable-xml-rpc/graphs/contributors).

## Feedback

**Please provide feedback!** We want to make this library useful in as many projects as possible.
Please submit an [issue](https://github.com/ItinerisLtd/trellis-disable-xml-rpc/issues/new) and point out what you do and don't like, or fork the project and make suggestions.
**No issue is too small.**

## Change log

Please see [CHANGELOG](./CHANGELOG.md) for more information on what has changed recently.

## License

[trellis-disable-xml-rpc](https://github.com/ItinerisLtd/trellis-disable-xml-rpc) is released under the [MIT License](https://opensource.org/licenses/MIT).
--------------------------------------------------------------------------------

/defaults/main.yml:
--------------------------------------------------------------------------------
---
# defaults file for trellis-disable-xml-rpc
--------------------------------------------------------------------------------

/meta/main.yml:
--------------------------------------------------------------------------------
galaxy_info:
  author: Itineris Limited
  description: Disable WordPress XML-RPC on Trellis sites
  company: Itineris Limited
  license: MIT
  min_ansible_version: 2.6
  platforms:
    - name: Ubuntu
      versions:
        - xenial
  galaxy_tags:
    - trellis
    - wordpress
    - xml-rpc
dependencies: []
--------------------------------------------------------------------------------

/tasks/main.yml:
--------------------------------------------------------------------------------
---
# One includes.d directory per Trellis site, so the drop-in below is
# picked up by that site's Nginx server block.
- name: Ensure includes.d directories exist
  file:
    path: "{{ nginx_path }}/includes.d/{{ item.key }}"
    state: directory
    mode: 0755
  with_dict: "{{ wordpress_sites }}"

# Render the location block for every site and reload Nginx (Trellis handler).
- name: Template disable-xml-rpc.conf file out to includes.d
  template:
    src: disable-xml-rpc.conf.j2
    dest: "{{ nginx_path }}/includes.d/{{ item.key }}/disable-xml-rpc.conf"
  with_dict: "{{ wordpress_sites }}"
  notify: reload nginx
--------------------------------------------------------------------------------

/templates/disable-xml-rpc.conf.j2:
--------------------------------------------------------------------------------
# {{ ansible_managed }}

# trellis-disable-xml-rpc
# https://github.com/ItinerisLtd/trellis-disable-xml-rpc

# Case-insensitive match on any URI ending in xmlrpc.php;
# 444 closes the connection without sending a response.
location ~* xmlrpc\.php$ {
  return 444;
}
--------------------------------------------------------------------------------

/tests/test.yml:
--------------------------------------------------------------------------------
---
- hosts: all
  roles:
    - ../../trellis-disable-xml-rpc
--------------------------------------------------------------------------------
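To verify after provisioning that the `location ~* xmlrpc\.php$ { return 444; }` drop-in is actually taking effect, the following added example (not part of this role) mirrors Nginx's regex-location matching (case-insensitive, query string stripped) and runs it over access-log lines, flagging any XML-RPC request that was answered with something other than 444. The log lines, IP addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Same pattern as the role's Nginx location. Nginx tests a regex location
# against the request URI with the query string already removed, and the
# `~*` modifier makes the match case-insensitive.
XMLRPC_LOCATION = re.compile(r"xmlrpc\.php$", re.IGNORECASE)


def is_blocked_by_location(request_uri: str) -> bool:
    """True if Nginx would route this URI into the `return 444` block."""
    path = urlsplit(request_uri).path
    return XMLRPC_LOCATION.search(path) is not None


# Constructed access-log lines in Nginx's default 'combined' format
# (not real traffic). Nginx still writes a 444 entry for closed requests.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2018:13:55:36 +0000] "POST /xmlrpc.php HTTP/1.1" 444 0 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2018:13:55:37 +0000] "POST /wp/xmlrpc.php?rsd HTTP/1.1" 444 0 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2018:13:56:01 +0000] "GET /wp-login.php HTTP/1.1" 200 1532 "-" "curl/7.58.0"
203.0.113.5 - - [10/Oct/2018:13:56:09 +0000] "POST /XMLRPC.PHP HTTP/1.1" 444 0 "-" "python-requests/2.19"
198.51.100.7 - - [10/Oct/2018:13:57:12 +0000] "GET /xmlrpc.php HTTP/1.1" 200 42 "-" "curl/7.58.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<uri>\S+) [^"]+" (?P<status>\d{3}) '
)


def audit_xmlrpc(log_text: str) -> dict:
    """Count XML-RPC requests and list those not closed with 444.

    A non-444 status on a matching URI suggests the include is not active
    on that vhost (e.g. the role was not applied or Nginx was not reloaded).
    """
    summary = {"xmlrpc_requests": 0, "closed_444": 0, "not_blocked": []}
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not is_blocked_by_location(m["uri"]):
            continue
        summary["xmlrpc_requests"] += 1
        if m["status"] == "444":
            summary["closed_444"] += 1
        else:
            summary["not_blocked"].append((m["ip"], m["uri"], m["status"]))
    return summary
```

Point `audit_xmlrpc` at the site's real access log (for example `/var/log/nginx/<site>-access.log`, path assumed) and an empty `not_blocked` list confirms every XML-RPC hit was dropped by the location.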