🛡️ Sentinel: [CRITICAL] Fix hardcoded token bypass for XML-RPC

[Snider]

🚨 Severity: CRITICAL
💡 Vulnerability: A hardcoded token check (xrpc-9f8e7d6c5b4a) was present in the Nginx configuration (server-php/config/conf.d/wordpress.conf) to allow access to /xmlrpc.php. This allows anyone with knowledge of the token to bypass the block and access the endpoint, potentially exposing the application to brute-force or DDoS attacks.
🎯 Impact: Attackers who discover the hardcoded token could exploit the XML-RPC endpoint, compromising the security of the application.
🔧 Fix: Removed the hardcoded token check and replaced it with an unconditional deny all to prevent any access to /xmlrpc.php. A journal entry was also added to document this finding.
✅ Verification: Review the changes in server-php/config/conf.d/wordpress.conf to confirm that the location = /xmlrpc.php block now only contains deny all; access_log off; log_not_found off;.

---

PR created automatically by Jules for task 5062582356565095931 started by @Snider

[google-labs-jules]

👋 Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!

New to Jules? Learn more at jules.google/docs.

---

For security, I will only act on instructions from the user who triggered this task.