From 9740c848c5def2da67c5774e0dc9200a26568b59 Mon Sep 17 00:00:00 2001
From: Kim Oliver Drechsel
Date: Fri, 15 Nov 2024 20:56:59 +0100
Subject: [PATCH 1/3] block Wordpress XML-RPC endpoint
---
 v2/WordPress/WordPress | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/v2/WordPress/WordPress b/v2/WordPress/WordPress
index 2dd7be5..0b548fc 100644
--- a/v2/WordPress/WordPress
+++ b/v2/WordPress/WordPress
@@ -21,6 +21,10 @@ server {
 allow all;
 }
+ location = /xmlrpc.php {
+ deny all;
+ }
+
 {{settings}}
 try_files $uri $uri/ /index.php?$args;
@@ -58,4 +62,4 @@ server {
 if (-f $request_filename) {
 break;
 }
-}
\ No newline at end of file
+}
From 9aa666b723744785291f184ffbcc591b7574fbef Mon Sep 17 00:00:00 2001
From: Kim Oliver Drechsel
Date: Fri, 15 Nov 2024 21:12:11 +0100
Subject: [PATCH 2/3] block wordpress xmlrpc endoint
---
 v2-http3/WordPress/WordPress | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/v2-http3/WordPress/WordPress b/v2-http3/WordPress/WordPress
index 39f4828..52d9ecf 100644
--- a/v2-http3/WordPress/WordPress
+++ b/v2-http3/WordPress/WordPress
@@ -31,6 +31,10 @@ server {
 deny all;
 }
+ location = /xmlrpc.php {
+ deny all;
+ }
+
 location ~/(wp-admin/|wp-login.php) {
 #auth_basic "Restricted Area";
 #auth_basic_user_file /home/site-user/.htpasswd;
@@ -117,4 +121,4 @@ server {
 if (-f $request_filename) {
 break;
 }
-}
\ No newline at end of file
+}
From 1cd09d13da07cce0c5c5cfc69523cb94682f7bc1 Mon Sep 17 00:00:00 2001
From: Kim Oliver Drechsel
Date: Fri, 15 Nov 2024 21:13:09 +0100
Subject: [PATCH 3/3] block wordpress xmlrpc endpoint
---
 v2-varnish/WordPress/WordPress | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/v2-varnish/WordPress/WordPress b/v2-varnish/WordPress/WordPress
index ac50838..a929c33 100644
--- a/v2-varnish/WordPress/WordPress
+++ b/v2-varnish/WordPress/WordPress
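Review bot: The `location = /xmlrpc.php { deny all; }` block added in hunk `@@ -21,6 +21,10 @@` of v2/WordPress/WordPress is unconditional in a shared vhost template and carries no comment, so a site that depends on XML-RPC (Jetpack, the WordPress mobile app, pingbacks) starts getting 403 with nothing in the file saying why or how to opt out. I would put a comment above it, e.g. `# XML-RPC is blocked by default to cut brute-force and pingback abuse; remove this block if a plugin or client needs it.` The identical blocks added in v2-http3/WordPress/WordPress (`@@ -31,6 +31,10 @@`) and v2-varnish/WordPress/WordPress (`@@ -27,6 +27,10 @@`) need the same comment. The exact match covers only the literal URI `/xmlrpc.php`, and the PHP handler location is outside these hunks, so confirm that it is anchored on `\.php$` and does not hand path-info requests to the same script. The enclosing `server` block starts and ends outside each hunk.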
@@ -27,6 +27,10 @@ server {
 deny all;
 }
+ location = /xmlrpc.php {
+ deny all;
+ }
+
 location ~/(wp-admin/|wp-login.php) {
 #auth_basic "Restricted Area";
 #auth_basic_user_file /home/site-user/.htpasswd;
@@ -110,4 +114,4 @@ server {
 if (-f $request_filename) {
 break;
 }
-}
\ No newline at end of file
+}