EGT games.REGISTER NOW GET FREE 888 PESOS REWARDS!

Jetpack & WooCommerce Cannot Connect

Tamer Ziady — Sat, 08 Mar 2025 20:26:55 +0000

Hello:

I have several sites that use a subdirectory for the actual WordPress installation and the site. This use to be a very common practice and still is in some circles as it allows the WordPress installation to stay pure and very easily manageable with tools like Composer and others.

However, it appears that the support forums and other sites are littered with problems concerning Jetpack and more importantly WooCommerce not being able to connect back.

The issue also represents itself as an xmlrpc connection issue.

I have checked high and low; and cannot find a way to change the behavior or allow for Jetpack and Woocommerce and www.remarpro.com site in general to connect back to my site.

I have this occurring on three sites that are using a new layout / design setup that uses a subdirectory for the actual WordPress installation files.

I know many others have seen this issue.

Can someone help me with how they ended up resolving it?

WordPress App blocks my IP

norbre — Tue, 07 Jan 2025 10:24:52 +0000

Hi, I have a wordpress site and I want to write drafts from my phone and if necessary, publish posts, so I downloaded the Android app.
The app allows me to log in, I can see my posts, drafts, the only problem is that as soon as I make a post or update a draft, the provider blocks my IP address.
I can unblock it with a little effort, but this happens after every save. When my IP is in block, I get this message on the site:
It seems that the reason for the ban is the frequent access to xmlrpc.php, which is the most typical sign of a hacking attempt for WordPress sites.
Type of ban, reason: continuous, XMLRPC.

The environment:
– PHP: 8.2 (ea-php82)
– WordPress 6.7.1 with Customify theme
– WP and plugins are up to date
– The app is on Android Xiaomi Hyper OS

What I’ve tried based upon suggestions I’ve found in this theme:

inactivated all plugins
changed to basic Twenty twenty-four theme
Application password
contacted with my provider.
They don’t want to change their security, but they suggested me this link: Logging WordPress android app makes my website unavailable | www.remarpro.com

The plugin wrote on the link unfortunately doesn’t do anything.
However, I found xmlrpc.php in the file browser on the hosting, so I tried in manual mode.

1st try with the solution written on the link:
Based on xmlrpc.php I’ve created a copy called xmlrpc2.php.
I got a little help with whis: “you might want to check if it works correctly after the renaming by typing (https://barangolasok.hu/xmlrpc2.php) into the browser’s address bar, and you should get the same result as you see now when typing https://barangolasok.hu/xmlrpc.php: XML-RPC server accepts POST requests only.”
So in the browser the result is: XML-RPC server accepts POST requests only.
I set https://barangolasok.hu/xmlrpc2.php in the app, unfortunately the result is still IP ban.

2dn try:
In the xmlrpc2.php file I replaced all xmlrpc.php strings with xmlrpc2.php and updated the file on the server.
In the browser the result is: XML-RPC server accepts POST requests only.
I set https://barangolasok.hu/xmlrpc2.php in the app, unfortunately the result is still IP ban.

3rd try:
While searching, I came across a page where this file can be validated https://xmlrpc.blog/
https://barangolasok.hu/xmlrpc.php → Congratulations! Your site passed the first check.
You can add the blog within the mobile app using the following URL: https://barangolasok.hu/xmlrpc.php

https://barangolasok.hu/xmlrpc2.php → Congratulations! Your site passed the first check.
You can add the blog within the mobile app using the following URL: https://barangolasok.hu/xmlrpc2.php/xmlrpc.php
This is interesting because it does not write only xmlrpc2.php.
Despite this, I tried all three ways, but unfortunately the result is the same, IP ban.

https://barangolasok.hu/xmlrpc.php https://barangolasok.hu/xmlrpc2.php https://barangolasok.hu/xmlrpc2.php/xmlrpc.php

4th try:
Renamed xmlrpc.php to xmlrpc.old on the server so that only xmlrpc2.php remains, but the page doesn’t work at all.

I am a simple user, I don’t know too much about WP.
I welcome any suggestions, thank you

Bug with XML-RPC settings

Ov3rfly — Sat, 23 Nov 2024 11:01:50 +0000

If option “Disable XML-RPC” and “Also kill any incoming XML-RPC request” is active and you only switch off the “Disable XML-RPC” option, the sub-option is no more visible in backend but access to xmlrpc.php in frontend is still blocked with 403.

Expected behaviour: Disabling top-option should also disable sub-option.

No Nonsense 3.5.0, WordPress 6.6.2

SUCURI: SiteCheck error: Unable to properly scan your site properly

Chris — Thu, 26 Sep 2024 19:06:03 +0000

My plugin is saying this “SUCURI: SiteCheck error: Unable to properly scan your site. Timeout reached” Recently I turned off access to /wp-json/wp/v2/users and disabled xmlrpc. Is this something it needs to work?

Sites upgraded to 6.6.1 do no allow use of Open Live Writer

mjgraves — Wed, 31 Jul 2024 23:10:32 +0000

Since my site upgraded to v6.6.1 I cannot upload drafts via Open Live Writer.

OLW reports:

“Unexpected error has occured while attempting to log in:

Invalid Server Repsonse – The repsonse to the blogger.getUsersBlogs method received from blog server was invalid:

Invalid response document receioved from XmlRpc server”

OLW is unchanged in years. I have several wholly different sites that all behave the same. Something appears to be broken.

ApiError: Unable to insert blog

wplmu2024 — Mon, 29 Jul 2024 18:41:52 +0000

Just completed a migration to a new host and the “Set up Jetpack” is throwing an error. It’s saying: An error occurred. Please try again.

In the migration, the xmlrpc.php is now stored in the /cms directory. Is there a way we can update this in Jetpack or something the service can help resolve?

Would it be possible to re-install only the XML-RPC part?

algisj — Tue, 21 May 2024 07:51:14 +0000

Good Day.

I am having complete unsuccess trying to connect and create/modify posts from my mobile iPhone.

– Password/username are corrects. Editor username, not administrator
– I have no problem FTP
– I had recent attacks from outside but seems ok now (NinjaScanner)
– It would be difficult to reinstall entire core. So a list of files involved would be a good start.

Thank you,

Algis

disable xmlrpc?

jennysaunders — Fri, 17 May 2024 08:38:57 +0000

I have read in places that xmlrpc is a security risk and required by jetpack. Is this true? And do I need to disable it on my site?

XML-RPC possible?

MartinBY — Sun, 05 May 2024 20:47:21 +0000

Hi Giuseppe,

on my website xmlrpc is active and running (when your plugin is deactivated).

Actviating the plugin, xmlrpc is not possible anymore and is not reported in the lists for whitelisting. So in principle, is it possible to use XMLRPC along with CSP active? Or what could be the reason this does not work here?

Hacking: Unauthorized Admin Login

achanne — Mon, 11 Mar 2024 09:16:47 +0000

Hi All,

I have a site in which, after activating an activity log plugin, I have discovered unauthorized admin account logins despite changing password multiple times, using long randomly generated passwords. I have already blocked xmlrpc.php using a plugin. When I checked visit logs in C-Panel, matching the suspicious login IP address and time to that recorded in the dasboard’s activity log (plugin), it looks like login was via example.com/wp-json/wp/v2/users (where example.com is our own url) which I think has something to do with REST API. It looks like the hacker was able to somehow login WITHOUT a password.

I understand I can easily disable the /wp-json/wp/v2/users but we NEED REST API because xmlrpc.php has been disabled (which helped reduce brute force attack) and we have plugins (such as Mail SMTP) that require connections to third party sites such as Google (where secret keys are used). How can I secure the site and still be able to use REST API?