هذه الإضافة لم يتم تحديثها وتجربتها لأكثر من 3 إصدارات ووردبريس رئيسية. قد لا تكون خاضعة للصيانة أو تقدم الدعم والمساعدة بالوقت الحالي وقد تكون بها مشاكل في التوافق عند إستخدامها مع إصدارات حديثة من ووردبريس.

XML-RPC Settings

الوصف

XML-RPC Settings

Configure XML-RPC methods to increase the security of your website:

Build-in features could be used for malicious purposes and cannot be disabled by default.

  • Disable GET access
    • XML-RPC API only responds to POST requests. Direct GET access is not needed and can be used to fingerprint websites and use them as XML-RPC zombies in later attacks.
  • Disable system.multicall
    • system.multicall method can be misused for amplification attacks.
  • Disable system.listMethods
    • system.listMethods method can be used for verifying attack scope.

Prevent malicious actors from enumerating usernames and credentials.

  • Disable authenticated methods
    • Methods requiring authentication, such as wp.getUsersBlogs, are often used to brute-force your passwords.

Pingbacks are a helpful feature to discover back-links to your posts but can be misused for DDoS attacks or allow fingerprinting your WP version.

  • Disable pingbacks
    • Pingbacks are generally safe, but are often used for DDoS attacks via system.multicall.
  • Remove X-Pingback header
    • If you decide to disable pingbacks, it’s a good practice to remove the X-Pingback header return by your posts.
  • Hide WordPress version when verifying pingbacks
    • Pingbacks’ user-agent can reveal your exact WordPress version, even when hidden by other plugins.
  • Hide WordPress version when sending pingbacks
    • Pingbacks’ user-agent can reveal your exact WordPress version, even when hidden by other plugins.

Unnecessary XML-RPC API, leave enabled if you are not sure.

  • Disable Demo API
    • Remove demo.sayHello and demo.addTwoNumbers methods, as they are not needed.
  • Disable Blogger API
    • WordPress supports the Blogger XML-RPC API methods.
  • Disable MetaWeblog API
    • WordPress supports the metaWeblog XML-RPC API.
  • Disable MovableType API
    • WordPress supports the MovableType XML-RPC API.

If you are using some integrations or WP mobile applications, it might be a good idea to allow XML-RPC only to specific IPs.

  • Allow XML-RPC only for
    • IP comma separated eg. 192.168.10.242, 192.168.10.241

It is possible to hide a message between the allowed methods when system.listMethods is called (not recommended).

  • Add message to XML-RPC methods
    • We are hiring! Check jobs.yourdomains.com

لقطات الشاشة

  • The settings page is highly configurable, with a deep set of options available for each feature.

التنصيب

Secure your website using the following steps to install XML-RPC Settings:

  1. Install XML-RPC Settings automatically or by uploading the ZIP file.
  2. Activate the XML-RPC Settings through the ‘Plugins’ menu in WordPress. XML-RPC Settings is now activated.
  3. Go to the Settings >> XML-RPC Settings and configure the plugin based on your needs.

الأسئلة المتكررّة

How does XML-RPC Settings protect sites from attackers?

The XML-RPC Settings plugin allows you to configure XML-RPC methods to increase the security of your website. For example, you can easily disable Pingback methods, which might be misused by attacks to launch DDoS attacks.

المراجعات

لا توجد مراجعات لهذه الإضافة.

المساهمون والمطوّرون

“XML-RPC Settings” هو برنامج مفتوح المصدر. وقد ساهم هؤلاء الأشخاص بالأسفل في هذه الإضافة.

المساهمون

ترجمة ”XML-RPC Settings“ إلى لغتك.

مُهتم بالتطوير؟

تصفّح الشفرة، تحقق من مستودع SVN، أو الاشتراك في سجل التطوير بواسطة RSS.

سجل التغييرات

1.2.1 – October 05, 2021

  • Fix callback function to register settings

1.2 – October 05, 2021

  • Add xmlrpc_settings_ prefix to function names to be unique

1.1 – October 03, 2021

  • Updated readme.txt and fixed grammar

1.0

  • An initial release