Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Protect: Revert XML RPC request should get hard blocker quicke #9312

Merged
merged 1 commit into from
Apr 13, 2018
Merged

Protect: Revert XML RPC request should get hard blocker quicke #9312

merged 1 commit into from
Apr 13, 2018

Conversation

enejb
Copy link
Member

@enejb enejb commented Apr 13, 2018

Since a lot of third party services relied on this be able to connect and were blocked as a result of failed login attempts we decided to revert the PR. The services will still eventually get blocked but not as quickly as they were before.

If someone want to harden their XMLRPC login they can use the following code instead.

add_filter( 'jpp_use_captcha_when_blocked', 'jetpack_no_captia_on_xmlrpc_requests' );
function jetpack_no_captia_on_xmlrpc_requests($allow_math_fallback) {
if( Jetpack_Constants::is_true( 'XMLRPC_REQUEST' ) ) {
return false;
}
return $allow_math_fallback;
}

More Context: p1HpG7-51K-p2

Reverts #8855

@enejb
Protect: Revert XML RPC request should get hard blocker quicke
e514ed0 
Since a lot of third party services relied on this be able to connect and were blocked as a result we decided to revert the PR.

If someone want to hadern their XMLRPC connection they can use the following code instead.

```
add_filter( 'jpp_use_captcha_when_blocked', 'jetpack_no_captia_on_xmlrpc_requests' );
function jetpack_no_captia_on_xmlrpc_requests($allow_math_fallback) {
if( Jetpack_Constants::is_true( 'XMLRPC_REQUEST' ) ) {
return false;
}
return $allow_math_fallback;
}
```
@enejb enejb requested a review from a team as a code owner April 13, 2018 19:37
@enejb enejb self-assigned this Apr 13, 2018
@enejb enejb added the [Status] Needs Review To request a review from fellow Jetpack developers. Label will be renamed soon. label Apr 13, 2018
@samhotchkiss samhotchkiss added [Status] Ready to Merge Go ahead, you can push that green button! and removed [Status] Needs Review To request a review from fellow Jetpack developers. Label will be renamed soon. labels Apr 13, 2018
@samhotchkiss
Copy link
Contributor

LGTM

@enejb enejb merged commit c9828bc into master Apr 13, 2018
@ghost ghost removed the [Status] Ready to Merge Go ahead, you can push that green button! label Apr 13, 2018
@jeherve jeherve deleted the revert/xmlrpc-hard-blocking branch April 16, 2018 09:19
@jeherve jeherve added this to the 6.1 milestone Apr 16, 2018
@jeherve jeherve added [Type] Bug When a feature is broken and / or not performing as intended [Feature] Protect Also known as Brute Force Attack Protection labels Apr 16, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@samhotchkiss samhotchkiss samhotchkiss approved these changes

@dereksmart dereksmart Awaiting requested review from dereksmart

Assignees

@enejb enejb

Labels
[Feature] Protect Also known as Brute Force Attack Protection [Type] Bug When a feature is broken and / or not performing as intended
Projects
None yet
Milestone
6.1
Development

Successfully merging this pull request may close these issues.
5 participants
@enejb @samhotchkiss @jeherve @oskosk @matticbot