September 6, 2014

Allow WordPress xmlrpc.php To Certain User Agents In Nginx

There’s plenty of guides[1] for blocking xmlrpc.php from non-WordPress user agents using Apache and IIS, but so far I haven’t found one for doing the same in Nginx. Using the aforementioned guide I converted the Apache script into an Nginx compatible config section, just add it to your WordPress server{} section.

Here’s how to do it:

location = /xmlrpc.php {
    if ($http_user_agent !~* "(poster|wordpress|windows live writer|wp-iphone|wp-android|wp-windowsphone)") {
        return 403;
    try_files $uri /index.php;
    include /etc/nginx/fastcgi_params;
    fastcgi_pass php;

Leave a Reply

Your email address will not be published. Required fields are marked *