• Hi, Pleskians! We are running a UX testing of our upcoming product intended for server management and monitoring.
    We would like to invite you to have a call with us and have some fun checking our prototype. The agenda is pretty simple - we bring new design and some scenarios that you need to walk through and succeed. We will be watching and taking insights for further development of the design.
    If you would like to participate, please use this link to book a meeting. We will sent the link to the clickable prototype at the meeting.
  • (Plesk for Windows):
    MySQL Connector/ODBC 3.51, 5.1, and 5.3 are no longer shipped with Plesk because they have reached end of life. MariaDB Connector/ODBC 64-bit 3.2.4 is now used instead.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.

Forwarded to devs Wordpress Toolkit, check security, turn off pingback / disable xmlrpc.php not working

TomBoB

Silver Pleskian
Username: TomBoB

TITLE

Wordpress Toolkit, check security, turn off pingback / disable xmlrpc.php not working

PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE

CentOS Linux 7.9.2009, Plesk 18.0.38 Update #2

PROBLEM DESCRIPTION

Turning of xmlrpc by using the Wordpress Toolit security feature des not work. Domain still responds to requests with "XML-RPC server accepts POST requests only."

STEPS TO REPRODUCE

Have a Wordpress website.
Have it installed in the hostings public root, or have it installed in a subfolder of the hostings public root, both cases show same result.
Use Wordpress toolkit t check securty, and turn of Pingbacks.

ACTUAL RESULT

still get "XML-RPC server accepts POST requests only." when checking the domain https://exampledomain.com/xmlrpc.php

EXPECTED RESULT

no access. Or a redirection if that is configured via a plugin.

ANY ADDITIONAL INFORMATION

Came across it on a domain that has Wordpress installed in a subfolder of the domains public root (httpdocs).

Also tested it on another domain where Wordpress is installed straight in the public root.

YOUR EXPECTATIONS FROM PLESK SERVICE TEAM

Confirm bug
 
Tested it on domains using PHP 7.3 fastcgi by Apache, as well as on domains using 7.4 FPM by Nginx
 
Back
Top