From 3886f43d78b3d4b2794cd239f345997fd3877eba Mon Sep 17 00:00:00 2001
From: Dion Hulse <dd32@git.wordpress.org>
Date: Tue, 11 Jan 2022 00:50:48 +0000
Subject: [PATCH] Login: Disable all XML-RPC methods on login.w.org, they
 aren't used and this might persuade some vulneravility scanners not to waste
 their time with invalid payloads.

git-svn-id: https://meta.svn.wordpress.org/sites/trunk@11426 74240141-8908-4e6f-9713-ba540dce6ec7
---
 .../wp-content/themes/pub/wporg-login/functions.php    | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/wordpress.org/public_html/wp-content/themes/pub/wporg-login/functions.php b/wordpress.org/public_html/wp-content/themes/pub/wporg-login/functions.php
index 4a6062a4f1..60859419a5 100644
--- a/wordpress.org/public_html/wp-content/themes/pub/wporg-login/functions.php
+++ b/wordpress.org/public_html/wp-content/themes/pub/wporg-login/functions.php
@@ -55,10 +55,12 @@ function wporg_login_init() {
 /**
  * Disable the Core Language Selector on wp-login.php.
  */
-function wporg_login_disable_lang_switcher() {
-	add_filter( 'login_display_language_dropdown', '__return_false' );
-}
-add_action( 'login_init', 'wporg_login_disable_lang_switcher' );
+add_filter( 'login_display_language_dropdown', '__return_false' );
+
+/**
+ * Disable XML-RPC endpoints.
+ */
+add_filter( 'xmlrpc_methods', '__return_empty_array' );
 
 /**
  * Replace cores login CSS with our own.