• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Forwarded to devs Wordpress Toolkit, check security, turn off pingback / disable xmlrpc.php not working

TomBoB

Regular Pleskian
Username: TomBoB

TITLE

Wordpress Toolkit, check security, turn off pingback / disable xmlrpc.php not working

PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE

CentOS Linux 7.9.2009, Plesk 18.0.38 Update #2

PROBLEM DESCRIPTION

Turning of xmlrpc by using the Wordpress Toolit security feature des not work. Domain still responds to requests with "XML-RPC server accepts POST requests only."

STEPS TO REPRODUCE

Have a Wordpress website.
Have it installed in the hostings public root, or have it installed in a subfolder of the hostings public root, both cases show same result.
Use Wordpress toolkit t check securty, and turn of Pingbacks.

ACTUAL RESULT

still get "XML-RPC server accepts POST requests only." when checking the domain https://exampledomain.com/xmlrpc.php

EXPECTED RESULT

no access. Or a redirection if that is configured via a plugin.

ANY ADDITIONAL INFORMATION

Came across it on a domain that has Wordpress installed in a subfolder of the domains public root (httpdocs).

Also tested it on another domain where Wordpress is installed straight in the public root.

YOUR EXPECTATIONS FROM PLESK SERVICE TEAM

Confirm bug
 
Tested it on domains using PHP 7.3 fastcgi by Apache, as well as on domains using 7.4 FPM by Nginx
 
Back
Top