• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Forwarded to devs Wordpress Toolkit, check security, turn off pingback / disable xmlrpc.php not working

T

TomBoB

Silver Pleskian
Username: TomBoB

TITLE

Wordpress Toolkit, check security, turn off pingback / disable xmlrpc.php not working

PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE

CentOS Linux 7.9.2009, Plesk 18.0.38 Update #2

PROBLEM DESCRIPTION

Turning of xmlrpc by using the Wordpress Toolit security feature des not work. Domain still responds to requests with "XML-RPC server accepts POST requests only."

STEPS TO REPRODUCE

Have a Wordpress website.
Have it installed in the hostings public root, or have it installed in a subfolder of the hostings public root, both cases show same result.
Use Wordpress toolkit t check securty, and turn of Pingbacks.

ACTUAL RESULT

still get "XML-RPC server accepts POST requests only." when checking the domain https://exampledomain.com/xmlrpc.php

EXPECTED RESULT

no access. Or a redirection if that is configured via a plugin.

ANY ADDITIONAL INFORMATION

Came across it on a domain that has Wordpress installed in a subfolder of the domains public root (httpdocs).

Also tested it on another domain where Wordpress is installed straight in the public root.

YOUR EXPECTATIONS FROM PLESK SERVICE TEAM

Confirm bug
 
Tested it on domains using PHP 7.3 fastcgi by Apache, as well as on domains using 7.4 FPM by Nginx
 
You must log in or register to reply here.

Similar threads

R
Resolved WP Toolkit/Wordpress Toolkit - older version screenshot issue
Replies
4
Views
303
rhall
R
H
Question SSH user can see other subdomain directories even with chrooted shell?
Replies
3
Views
490
Raul A.
R
F
WP-Toolkit Wordpress/Jetpack ios-app no connection
Replies
3
Views
5K
bni
B
S
Apache does not apply .htaccess directives for certain files after migration through Plesk Migrator
Replies
2
Views
2K
NewGate
N
P
Resolved WP Toolkit vulnerability alert might be a false positive? [Unauthenticated Blind SSRF]
Replies
5
Views
5K
Wiz
Wiz
Back
Top