این افزونه با آخرین 3 نسخه اصلی وردپرس تست نشده است. ممکن است دیگر نگهداری یا پشتیبانی نشود و ممکن است هنگام استفاده با نسخه های جدیدتر وردپرس مشکلات سازگاری داشته باشد.

XML-RPC Settings

توضیحات

XML-RPC Settings

Configure XML-RPC methods to increase the security of your website:

Build-in features could be used for malicious purposes and cannot be disabled by default.

  • Disable GET access
    • XML-RPC API only responds to POST requests. Direct GET access is not needed and can be used to fingerprint websites and use them as XML-RPC zombies in later attacks.
  • Disable system.multicall
    • system.multicall method can be misused for amplification attacks.
  • Disable system.listMethods
    • system.listMethods method can be used for verifying attack scope.

Prevent malicious actors from enumerating usernames and credentials.

  • Disable authenticated methods
    • Methods requiring authentication, such as wp.getUsersBlogs, are often used to brute-force your passwords.

Pingbacks are a helpful feature to discover back-links to your posts but can be misused for DDoS attacks or allow fingerprinting your WP version.

  • Disable pingbacks
    • Pingbacks are generally safe, but are often used for DDoS attacks via system.multicall.
  • Remove X-Pingback header
    • If you decide to disable pingbacks, it’s a good practice to remove the X-Pingback header return by your posts.
  • Hide WordPress version when verifying pingbacks
    • Pingbacks’ user-agent can reveal your exact WordPress version, even when hidden by other plugins.
  • Hide WordPress version when sending pingbacks
    • Pingbacks’ user-agent can reveal your exact WordPress version, even when hidden by other plugins.

Unnecessary XML-RPC API, leave enabled if you are not sure.

  • Disable Demo API
    • Remove demo.sayHello and demo.addTwoNumbers methods, as they are not needed.
  • Disable Blogger API
    • WordPress supports the Blogger XML-RPC API methods.
  • Disable MetaWeblog API
    • WordPress supports the metaWeblog XML-RPC API.
  • Disable MovableType API
    • WordPress supports the MovableType XML-RPC API.

If you are using some integrations or WP mobile applications, it might be a good idea to allow XML-RPC only to specific IPs.

  • Allow XML-RPC only for
    • IP comma separated eg. 192.168.10.242, 192.168.10.241

It is possible to hide a message between the allowed methods when system.listMethods is called (not recommended).

  • Add message to XML-RPC methods
    • We are hiring! Check jobs.yourdomains.com

عکس‌های صفحه

  • The settings page is highly configurable, with a deep set of options available for each feature.

نصب

Secure your website using the following steps to install XML-RPC Settings:

  1. Install XML-RPC Settings automatically or by uploading the ZIP file.
  2. Activate the XML-RPC Settings through the ‘Plugins’ menu in WordPress. XML-RPC Settings is now activated.
  3. Go to the Settings >> XML-RPC Settings and configure the plugin based on your needs.

سوالات متداول

How does XML-RPC Settings protect sites from attackers?

The XML-RPC Settings plugin allows you to configure XML-RPC methods to increase the security of your website. For example, you can easily disable Pingback methods, which might be misused by attacks to launch DDoS attacks.

نقد و بررسی‌ها

نقد و بررسی‌ای برای این افزونه یافت نشد.

توسعه دهندگان و همکاران

“XML-RPC Settings” نرم افزار متن باز است. افراد زیر در این افزونه مشارکت کرده‌اند.

مشارکت کنندگان

ترجمه “XML-RPC Settings” به زبان شما.

علاقه‌ مند به توسعه هستید؟

کد را مرور کنید, را بررسی کنید مخزن SVN, یا مشترک شوید گزارش توسعه توسط RSS.

گزارش تغییرات

1.2.1 – October 05, 2021

  • Fix callback function to register settings

1.2 – October 05, 2021

  • Add xmlrpc_settings_ prefix to function names to be unique

1.1 – October 03, 2021

  • Updated readme.txt and fixed grammar

1.0

  • An initial release