Join the community today
Register Now

Using Wordpress XML-RPC and Rest API

Discussion in 'Blogs & CMS usage' started by Max, May 8, 2023.

  1. Max

    Max Member

    115
    5
    18
    Feb 17, 2018
    Ratings:
    +9
    Local Time:
    3:48 AM
    Hello,
    Under user I get "Your site appears to be using basic authentication, which is currently incompatible with application passwords."
    and
    "The author URL https://mojobus.org/author/max/ does not return a valid JSON for application/activity+json."
    also, a connection with the wordpress app is not possible.
    How can i fix this problem.
    How to get full access to the XML-RPC interface and Rest API.
    Is there anything that is actively prevented by centminmod?

    thanks

     
    Last edited: May 8, 2023
  2. eva2000

    eva2000 Administrator Staff Member

    53,223
    12,116
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,654
    Local Time:
    12:48 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    You'd have to remove WordPress basic http authentication. So you comment out in nginx vhost
    Code (Text):
       auth_basic "Private";
       auth_basic_user_file /home/nginx/domains/yourdomain.com/htpasswd_wplogin;
    

    Restart nginx & php-fpm
     
  3. Max

    Max Member

    115
    5
    18
    Feb 17, 2018
    Ratings:
    +9
    Local Time:
    3:48 AM
    Code:
    location ~* /(wp-login\.php) {
        limit_req zone=xwplogin burst=1 nodelay;
        #limit_conn xwpconlimit 30;
        #auth_basic "Private";
        #auth_basic_user_file /home/nginx/domains/mojobus.org/htpasswd_wplogin;
     include /usr/local/nginx/conf/php-wpsc.conf;
    
    ngxrestart
    not work
    XML-RPC Validator
    Code:
    Sorry, we cannot find the RSD Endpoint link in the src code of the page. The RSD document contains the URL to the XML-RPC endpoint.
    
    2023-05-08 07:12:21     The validator will start the XML-RPC discovery process by using the URL 'http://mojobus.org' as base URL.
    2023-05-08 07:12:21     The validator is going to the test following URL: http://mojobus.org/xmlrpc.php by doing the XML-RPC call system.listMethods on it.
    2023-05-08 07:12:21     HTTP Request headers: Array ( [Content-Type] => text/xml [User-Agent] => WordPress XML-RPC Client/1.1 [Content-Length] => 158 [Accept] => */* )
    2023-05-08 07:12:21     XML-RPC Request:
    2023-05-08 07:12:21     
    
    <?xml version="1.0"?>
    <methodCall>
        <methodName>system.listMethods</methodName>
        <params>
            <param>
                <value>
                    <string/>
                </value>
            </param>
        </params>
    </methodCall>
    
    2023-05-08 07:12:21     Response details below ->
    2023-05-08 07:12:21     HTTP Response code: 403 - Forbidden
    2023-05-08 07:12:21     HTTP Response headers: WpOrg\Requests\Utility\CaseInsensitiveDictionary Object ( [data:protected] => Array ( [date] => Mon, 08 May 2023 07:12:21 GMT [content-type] => text/html; charset=utf-8 [content-length] => 146 [server] => nginx centminmod [x-powered-by] => centminmod [x-xss-protection] => 1; mode=block [x-content-type-options] => nosniff ) )
    2023-05-08 07:12:21     The validator hasn't found the XML-RPC Endpoint at the URL: http://mojobus.org/xmlrpc.php
    2023-05-08 07:12:21     The validator is going to downloading the HTML page available at the URL http://mojobus.org Inside the HTML code should be available the link to the RSD document.
    2023-05-08 07:12:21     Doing a simple HTTP GET request on the following URL http://mojobus.org
    2023-05-08 07:12:21     HTTP Request: Array ( [Accept] => text/html [User-Agent] => WordPress XML-RPC Client/1.1 )
    2023-05-08 07:12:21     HTTP Response Headers: WpOrg\Requests\Utility\CaseInsensitiveDictionary Object ( [data:protected] => Array ( [date] => Mon, 08 May 2023 07:12:21 GMT [content-type] => text/html; charset=utf-8 [content-length] => 1883 [last-modified] => Mon, 08 May 2023 00:24:00 GMT [vary] => Accept-Encoding [etag] => "64584120-75b" [content-encoding] => gzip [server] => nginx centminmod [x-powered-by] => centminmod [x-xss-protection] => 1; mode=block [x-content-type-options] => nosniff [accept-ranges] => bytes ) )
    2023-05-08 07:12:21     HTTP Response Codes: Array ( [code] => 200 [message] => OK )
    2023-05-08 07:12:21     Parsing the HTML response document trying to match the RSD Endpoint declaration...
    2023-05-08 07:12:21     RSD document NOT found!!
    and
    Code:
    location ~* /(wp-login\.php) {
        limit_req zone=xwplogin burst=1 nodelay;
        #limit_conn xwpconlimit 30;
        auth_basic "Private";
        auth_basic_user_file /home/nginx/domains/mojobus.org/htpasswd_wplogin;
        include /usr/local/nginx/conf/php-wpsc.conf;
    
    ngxrestart
    not work
    Code:
    Sorry, we cannot find the RSD Endpoint link in the src code of the page. The RSD document contains the URL to the XML-RPC endpoint.
    
    2023-05-08 09:04:40     The validator will start the XML-RPC discovery process by using the URL 'http://mojobus.org' as base URL.
    2023-05-08 09:04:40     The validator is going to the test following URL: http://mojobus.org/xmlrpc.php by doing the XML-RPC call system.listMethods on it.
    2023-05-08 09:04:40     HTTP Request headers: Array ( [Content-Type] => text/xml [User-Agent] => WordPress XML-RPC Client/1.1 [Content-Length] => 158 [Accept] => */* )
    2023-05-08 09:04:40     XML-RPC Request:
    2023-05-08 09:04:40     
    
    <?xml version="1.0"?>
    <methodCall>
        <methodName>system.listMethods</methodName>
        <params>
            <param>
                <value>
                    <string/>
                </value>
            </param>
        </params>
    </methodCall>
    
    2023-05-08 09:04:41     Response details below ->
    2023-05-08 09:04:41     HTTP Response code: 403 - Forbidden
    2023-05-08 09:04:41     HTTP Response headers: WpOrg\Requests\Utility\CaseInsensitiveDictionary Object ( [data:protected] => Array ( [date] => Mon, 08 May 2023 09:04:41 GMT [content-type] => text/html; charset=utf-8 [content-length] => 146 [server] => nginx centminmod [x-powered-by] => centminmod [x-xss-protection] => 1; mode=block [x-content-type-options] => nosniff ) )
    2023-05-08 09:04:41     The validator hasn't found the XML-RPC Endpoint at the URL: http://mojobus.org/xmlrpc.php
    2023-05-08 09:04:41     The validator is going to downloading the HTML page available at the URL http://mojobus.org Inside the HTML code should be available the link to the RSD document.
    2023-05-08 09:04:41     Doing a simple HTTP GET request on the following URL http://mojobus.org
    2023-05-08 09:04:41     HTTP Request: Array ( [Accept] => text/html [User-Agent] => WordPress XML-RPC Client/1.1 )
    2023-05-08 09:04:41     HTTP Response Headers: WpOrg\Requests\Utility\CaseInsensitiveDictionary Object ( [data:protected] => Array ( [date] => Mon, 08 May 2023 09:04:41 GMT [content-type] => text/html; charset=utf-8 [content-length] => 1883 [last-modified] => Mon, 08 May 2023 00:24:00 GMT [vary] => Accept-Encoding [etag] => "64584120-75b" [content-encoding] => gzip [server] => nginx centminmod [x-powered-by] => centminmod [x-xss-protection] => 1; mode=block [x-content-type-options] => nosniff [accept-ranges] => bytes ) )
    2023-05-08 09:04:41     HTTP Response Codes: Array ( [code] => 200 [message] => OK )
    2023-05-08 09:04:41     Parsing the HTML response document trying to match the RSD Endpoint declaration...
    2023-05-08 09:04:41     RSD document NOT found!!
    where else can the error lie?
     
  4. Max

    Max Member

    115
    5
    18
    Feb 17, 2018
    Ratings:
    +9
    Local Time:
    3:48 AM
    I did everything again with nprestart but the same errors
     
  5. eva2000

    eva2000 Administrator Staff Member

    53,223
    12,116
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,654
    Local Time:
    12:48 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    centmin.sh menu option 22 auto installs a wordpress plugin to disable XML-RPC, did you disable that Wordpress plugin too?
     
  6. Max

    Max Member

    115
    5
    18
    Feb 17, 2018
    Ratings:
    +9
    Local Time:
    3:48 AM
    [QUOTE="eva2000, post: 96259, member: 1" disable that Wordpress plugin too?[/QUOTE]
    I have removed the plugin
     
  7. eva2000

    eva2000 Administrator Staff Member

    53,223
    12,116
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,654
    Local Time:
    12:48 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    did that work? did you disable plugin before removing it?

    if not is this issue something that suddenly happened and previously it was working for XML-RPC access? Or it has never worked from day 1?

    You can try to verify if the issue is specific to your Wordpress instance or not by creating a 2nd dummy Wordpress install on test subdomain name via centmin.sh menu option 22 but this time with wp login HTTP password authentication disabled and xml-rpc disable plugin disabled too and test XML-RPC on that 2nd instance to see if the issue is just with your instance.
     
  8. Max

    Max Member

    115
    5
    18
    Feb 17, 2018
    Ratings:
    +9
    Local Time:
    3:48 AM
    #did that work? did you disable plugin before removing it?
    #No i have install-aktivate-deaktivate-remove

    it did not work

    #if not is this issue something that suddenly happened and previously it was working for XML-RPC #access? Or it has never worked #from day 1?
    i have never needed the interface before

    #You can try to verify if the issue is specific to your Wordpress instance or not by creating a 2nd dummy #Wordpress install on test #subdomain name via centmin.sh menu option 22 but this time with wp login #HTTP password authentication disabled and xml-rpc #disable plugin disabled too and test XML-RPC on #that 2nd instance to see if the issue is just with your instance.#

    Wordpress-Instanz and 2nd dummy Wordpress on subdomain did not work

    I will try it on a test server with fresh wordpress
     
  9. Max

    Max Member

    115
    5
    18
    Feb 17, 2018
    Ratings:
    +9
    Local Time:
    3:48 AM
    new testserver wordpress on test.mojobus.org
    Code:
    location ~* /(wp-login\.php) {
        limit_req zone=xwplogin burst=1 nodelay;
        #limit_conn xwpconlimit 30;
        #auth_basic "Private";
        #auth_basic_user_file /home/nginx/domains/test.mojobus.org/htpasswd_wplogin;
        include /usr/local/nginx/conf/php-wpsc.conf;
    
        # https://community.centminmod.com/posts/18828/
        #include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
    and Deactivate Disable XML-RPC
    did not work

    Code:
    Code    Description    Additional Info    Workaround
    403    Forbidden
            
    Hide Log
    Date    Message
    2023-05-09 09:55:18     The validator will start the XML-RPC discovery process by using the URL 'http://test.mojobus.org' as base URL.
    2023-05-09 09:55:18     The validator is going to the test following URL: http://test.mojobus.org/xmlrpc.php by doing the XML-RPC call system.listMethods on it.
    2023-05-09 09:55:18     HTTP Request headers: Array ( [Content-Type] => text/xml [User-Agent] => WordPress XML-RPC Client/1.1 [Content-Length] => 158 [Accept] => */* )
    2023-05-09 09:55:18     XML-RPC Request:
    2023-05-09 09:55:18     
    
    <?xml version="1.0"?>
    <methodCall>
        <methodName>system.listMethods</methodName>
        <params>
            <param>
                <value>
                    <string/>
                </value>
            </param>
        </params>
    </methodCall>
    
    2023-05-09 09:55:18     Response details below ->
    2023-05-09 09:55:18     HTTP Response code: 403 - Forbidden
    2023-05-09 09:55:18     HTTP Response headers: WpOrg\Requests\Utility\CaseInsensitiveDictionary Object ( [data:protected] => Array ( [date] => Tue, 09 May 2023 09:55:18 GMT [content-type] => text/html; charset=utf-8 [content-length] => 146 [server] => nginx centminmod [x-powered-by] => centminmod [x-xss-protection] => 1; mode=block [x-content-type-options] => nosniff ) )
    2023-05-09 09:55:18     The validator hasn't found the XML-RPC Endpoint at the URL: http://test.mojobus.org/xmlrpc.php
    2023-05-09 09:55:18     The validator is going to downloading the HTML page available at the URL http://test.mojobus.org Inside the HTML code should be available the link to the RSD document.
    2023-05-09 09:55:18     Doing a simple HTTP GET request on the following URL http://test.mojobus.org
    2023-05-09 09:55:18     HTTP Request: Array ( [Accept] => text/html [User-Agent] => WordPress XML-RPC Client/1.1 )
    2023-05-09 09:55:18     HTTP Response Headers: WpOrg\Requests\Utility\CaseInsensitiveDictionary Object ( [data:protected] => Array ( [date] => Tue, 09 May 2023 09:55:18 GMT [content-type] => text/html; charset=utf-8 [content-length] => 10410 [last-modified] => Tue, 09 May 2023 09:50:22 GMT [vary] => Accept-Encoding [etag] => "645a175e-28aa" [content-encoding] => gzip [server] => nginx centminmod [x-powered-by] => centminmod [x-xss-protection] => 1; mode=block [x-content-type-options] => nosniff [accept-ranges] => bytes ) )
    2023-05-09 09:55:18     HTTP Response Codes: Array ( [code] => 200 [message] => OK )
    2023-05-09 09:55:18     Parsing the HTML response document trying to match the RSD Endpoint declaration...
    2023-05-09 09:55:18     RSD document found at:http://test.mojobus.org/xmlrpc.php?rsd
    2023-05-09 09:55:18     The RSD document was found at the following URL http://test.mojobus.org/xmlrpc.php?rsd Downloading the RSD document content. Inside the RSD document there is the link to the XML-RPC endpoint.
    2023-05-09 09:55:18     Doing a simple HTTP GET request on the following URL http://test.mojobus.org/xmlrpc.php?rsd
    2023-05-09 09:55:18     HTTP Request: Array ( [Accept] => text/xml [User-Agent] => WordPress XML-RPC Client/1.1 )
    2023-05-09 09:55:18     HTTP Response Headers: WpOrg\Requests\Utility\CaseInsensitiveDictionary Object ( [data:protected] => Array ( [date] => Tue, 09 May 2023 09:55:18 GMT [content-type] => text/html; charset=utf-8 [content-length] => 146 [server] => nginx centminmod [x-powered-by] => centminmod [x-xss-protection] => 1; mode=block [x-content-type-options] => nosniff ) )
    2023-05-09 09:55:18     HTTP Response Codes: Array ( [code] => 403 [message] => Forbidden ) 
     
  10. eva2000

    eva2000 Administrator Staff Member

    53,223
    12,116
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,654
    Local Time:
    12:48 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    On dummy test wordpress install, try disabling autoprotect outined from tools/autoprotect.sh cronjob feature outlined at Beta Branch - autoprotect.sh - apache .htaccess check & migration to nginx deny all | Centmin Mod Community Your uploaded scripts may have .htaccess deny from all type files in their directories which may need bypassing autoprotect. It's a security feature that no other nginx based stack has as far as I know :)

    So instead, all .htaccess 'deny from all' detected directories now get auto generated Nginx equivalent location match and deny all setups except if you want to manually bypass the directory from auto protection via a .autoprotect-bypass file - details below here.

    You can read a few threads below on how autoprotect.sh may have caught some folks web apps falsely and the workarounds or improvements made to autoprotect.sh with the help of users feedback and troubleshooting.
    Check if your nginx vhost at either or both /usr/local/nginx/conf/conf.d/domain.com.conf and/or /usr/local/nginx/conf/conf.d/domain.com.ssl.conf has include file for autoprotect example
    Code (Text):
    include /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf;
    

    see if your directory for the script which has issues is caught in an autoprotect include entry in /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf which has a deny all entry
    Code (Text):
    cat /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf
    

    i.e.
    Code (Text):
    # /home/nginx/domains/domain.com/public/subdirectory/js
    location ~* ^/subdirectory/js/ { allow 127.0.0.1; deny all; }
    

    If caught you can whitelist it by autoprotect bypass .autoprotect-bypass file - details below here. So if problem js file is at domain.com/subdirectory/js/file.js then it is likely /subdirectory/js has a .htaccess with deny all in it - make sure that directory is meant to be publicly accessible by contacting author of script and if so, you can whitelist it and re-run autoprotect script to regenerate your /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf include file
    Code (Text):
    cd /home/nginx/domains/domain.com/public/subdirectory/js
    touch .autoprotect-bypass
    /usr/local/src/centminmod/tools/autoprotect.sh
    nprestart
    

    it maybe you need to also whitelist /subdirectory then it would be as follows creating bypass files at /home/nginx/domains/domain.com/public/subdirectory/.autoprotect-bypass and /home/nginx/domains/domain.com/public/subdirectory/js/.autoprotect-bypass
    Code (Text):
    cd /home/nginx/domains/domain.com/public/subdirectory/
    touch .autoprotect-bypass
    cd /home/nginx/domains/domain.com/public/subdirectory/js
    touch .autoprotect-bypass
    /usr/local/src/centminmod/tools/autoprotect.sh
    nprestart
    

    then double check to see if updated /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf include file now doesn't show an entry for /subdirectory/js
     
  11. eva2000

    eva2000 Administrator Staff Member

    53,223
    12,116
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,654
    Local Time:
    12:48 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    also could be related to xmlrpc.php location context
    Code (Text):
    location ~* /(xmlrpc\.php) {
        limit_req zone=xwprpc burst=45 nodelay;
        #limit_conn xwpconlimit 30;
        include /usr/local/nginx/conf/wpincludes/spcc.centminmod.com/php-fastcgicache.conf;
        # https://jetpack.com/support/hosting-faq/
        include /usr/local/nginx/conf/jetpack_whitelist_ip.conf;
       
        # https://community.centminmod.com/posts/18828/
        #include /usr/local/nginx/conf/php-rediscache.conf;
    }
    

    specifically could be related to /usr/local/nginx/conf/jetpack_whitelist_ip.conf - comment out /usr/local/nginx/conf/jetpack_whitelist_ip.conf and restart nginx and php-fpm
     
  12. Max

    Max Member

    115
    5
    18
    Feb 17, 2018
    Ratings:
    +9
    Local Time:
    3:48 AM
    then the XML-RPC problem was solved.

    But why i have a not valid JSON
    Code:
    Critical issues concern items that can have a major impact on your site's performance or security. Resolving these issues should be prioritized.
    The author url is unreachable 
    
    The author URL https://mojobus.org/author/max/ does not return a valid JSON for application/activity+json. Please check if the hosting alternative Accept-Headerssupports. 
     
  13. eva2000

    eva2000 Administrator Staff Member

    53,223
    12,116
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,654
    Local Time:
    12:48 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    What plugin or testing tool is returning that error ?
     
  14. Max

    Max Member

    115
    5
    18
    Feb 17, 2018
    Ratings:
    +9
    Local Time:
    3:48 AM
    Last edited: May 10, 2023
  15. Jon Snow

    Jon Snow Active Member

    767
    157
    43
    Jun 30, 2017
    Ratings:
    +225
    Local Time:
    11:48 PM
    Nginx 1.13.9
    MariaDB 10.1.31
    I'm wondering what's the correct way to whitelist IPs in Alma9 Nginx Centminmod.

    The above just prompts the PHP file to download in my browser rather than output text when my IP is unblocked.

    I've tried:
    Code (Text):
    location = /xmlrpc.php {

    Code (Text):
    location ^~ \xmlrpc.php {

    Code (Text):
    location ~* /(xmlrpc\.php) {


    I've also tried allowing the IPs directly in the vhost config file without jetpack_whitelist_ip.conf for the PHP file.

    It blocks ALL IPs that haven't been whitelisted, but when I load the PHP file I'm trying to block when my IP is whitelisted, my browser downloads the PHP file instead of loading the PHP output.

    Edit:
    I'm not sure what this is:
    Code (Text):
    include /usr/local/nginx/conf/wpincludes/spcc.centminmod.com/php-fastcgicache.conf;

    But maybe I need to add an include for PHP to work?
     
    Last edited: Jul 13, 2024
  16. eva2000

    eva2000 Administrator Staff Member

    53,223
    12,116
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,654
    Local Time:
    12:48 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    what file are you trying to block and whitelist? the above quoted statement is just for jetpack IPs as per Add Jetpack IPs to an Allowlist. But looks like they added a new IP range for
    Code (Text):
    192.0.64.0/18
    

    but there is Centmin Mod cronjob at /usr/local/src/centminmod/tools/jetpackips.sh that updates /usr/local/nginx/conf/jetpack_whitelist_ip.conf every 12hrs
    Code (Text):
    crontab -l | grep jetpack
    11 */12 * * * /usr/local/src/centminmod/tools/jetpackips.sh >/dev/null 2>&1
    

    seems issue is on Jetpack's end they say they update https://jetpack.com/ips-v4.txt with IPs and that is where cronjob reads the updates but https://jetpack.com/ips-v4.txt is out of date and doesn't list 192.0.64.0/18. Checked their JSON url too and same, it's missing the new IP range that their web site lists at Add Jetpack IPs to an Allowlist
    Code (Text):
    curl -s https://jetpack.com/ips-v4.json | jq -r
    [
      "122.248.245.244/32",
      "54.217.201.243/32",
      "54.232.116.4/32",
      "192.0.80.0/20",
      "192.0.96.0/20",
      "192.0.112.0/20",
      "195.234.108.0/22"
    ]
    


    gave Jetpack folks a heads up Allowed Jetpack IP list out of date

    Also if you use Cloudflare may need to add ips to allow list at Cloudflare level Add Jetpack IPs to an Allowlist
     
  17. Jon Snow

    Jon Snow Active Member

    767
    157
    43
    Jun 30, 2017
    Ratings:
    +225
    Local Time:
    11:48 PM
    Nginx 1.13.9
    MariaDB 10.1.31
    I already manually added IPs and 192.0.64.0/18 is included.

    The problem is that PHP files are downloaded instead of it being executed as it should.

    This gets downloaded as a .php file to my computer when I load it:
    Code (Text):
    domain.com/xmlrpc.php


    When it should load the text instead:
    Code (Text):
    XML-RPC server accepts POST requests only.


    With:
    Code (Text):
    location ~* /(xmlrpc\.php) {
        include /usr/local/nginx/conf/jetpack_whitelist_ip.conf;
    }
    


    Or

    Code (Text):
    location = /xmlrpc.php {
        allow IP;
        allow IP;
        deny all;
    }


    Or

    Code (Text):
    location ~* /(xmlrpc\.php) {
        allow IP;
        allow IP;
        deny all;
    }


    Where:
    Whitelisted IP = allow IP;

    If I remove these values, the PHP executes the PHP code instead of prompting me to download the PHP file.

    This is why I think an include might be missing from the location context for the PHP file block to make this work.
     
  18. eva2000

    eva2000 Administrator Staff Member

    53,223
    12,116
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,654
    Local Time:
    12:48 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    after editing Nginx /usr/local/nginx/conf/jetpack_whitelist_ip.conf include file did you restart nginx and php-fpm for the changes to take effect?
    Code (Text):
    systemctl restart nginx php-fpm
    

    or
    command shortcut
    Code (Text):
    nprestart
    

    centmin.sh menu option 22 Wordpress installer would of created Nginx vhost with the following (Cache Enabler version below) where xmlrpc.php is served via /usr/local/nginx/conf/php-wpsc.conf include file defined PHP-FPM server
    Code (Text):
    location ~* /(xmlrpc\.php) {
        limit_req zone=xwprpc burst=45 nodelay;
        #limit_conn xwpconlimit 30;
        include /usr/local/nginx/conf/php-wpsc.conf;
        # https://jetpack.com/support/hosting-faq/
        include /usr/local/nginx/conf/jetpack_whitelist_ip.conf;
       
        # https://community.centminmod.com/posts/18828/
        #include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
     
  19. Jon Snow

    Jon Snow Active Member

    767
    157
    43
    Jun 30, 2017
    Ratings:
    +225
    Local Time:
    11:48 PM
    Nginx 1.13.9
    MariaDB 10.1.31
    I always restart nginx and php-fpm when changing these configuration files.

    I always install WP the manual way (preference) and add the wpsecure/nocache configs from the vhost generator.

    I don't have this file on my server:
    Code (Text):
    include /usr/local/nginx/conf/php-wpsc.conf;

    Is this what makes PHP execute in a location context for a specific PHP file?
     
  20. eva2000

    eva2000 Administrator Staff Member

    53,223
    12,116
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,654
    Local Time:
    12:48 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    if you're manually setting up Wordpress then instead of
    /usr/local/nginx/conf/php-wpsc.conf use default Centmin Mod
    /usr/local/nginx/conf/php.conf include file instead. centmin.sh menu option 22 Wordpress just copies /usr/local/nginx/conf/php.conf to /usr/local/nginx/conf/php-wpsc.conf with it's own specific settings for the 3 full page cache options, cache enabler, redis nginx level and wp super cache