Disable XML-RPC authentication

  • Resolved mish99

    (@mish99)


    2 years, 4 months ago

    Hello

    I currently have WordFence set to Disable XML-RPC authentication, but JetPack wants me to deselect the option. I am happy to do so, but every time I uncheck the box and save, the check comes back.

    I confess to using a data base cleaner yesterday which seems to have turned on this option. I am guessing uninstalling and reinstalling WordFence might be my best option. But would like to know what is causing the problem so I don’t do it again.

    many thanks m

    The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @mish99, thanks for your message.

    I can’t say for sure in your case, but there is a chance the database alterations have caused an issue saving this setting. I would definitely first try altering the setting in a different browser to your default, and/or trying an incognito/private browsing window just in case there are any front-end caching issues. In fact, you could also try clearing any caching plugins on your WordPress installation just in case those are preventing the change from being displayed.

    It might also be worth checking if you have disabled XML-RPC altogether in your .htaccess, so remove the following code if you see it:

    # Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>

    The above are just some ideas that might prevent you from having to go through the reinstall process if at all possible. Jetpack and the WordPress app do both require XML-RPC authentication so our usual recommendation is indeed to have this setting off if you use either or both of those.

    Below, I will provide instructions for a manual reinstall just in case you don’t want to lose your settings during the process. It’s always best to make a backup of the site and database before installing/removing plugins too, just to be safe.

    Additionally, you can backup your Wordfence settings via the Export option. Navigate to Wordfence > Tools > Import/Export Options and click Export. You can also take note of the current Whitelisted URLs you have in Wordfence > Firewall > All Firewall Options > Whitelisted URLs as these are NOT included in the Import/Export, and will be lost during the re-install.
    Here is what is exported: https://www.wordfence.com/help/tools/import-export/
    During the export, you will be given a long string of text. Keep this safe, you’ll need it in a few minutes.

    After that, enable the option to Delete Wordfence tables and data on deactivation in All Options > General Wordfence Options. You will want to remember to disable this after you reinstall Wordfence again.

    After you enable that option, you can deactivate Wordfence from the Plugins area of your site, then delete it. Next, from the plugins area, search for and re-install Wordfence like normal.

    It will be like setting Wordfence up for the first time. You will need to enter an email address, and then go into Tools > Import/Export Options and paste that string of text into the Import Wordfence Options field and click the button there.

    The firewall will be in Learning Mode by default for 7 days. I would recommend switching this to Enabled and Protected as soon as possible.

    Let me know how you get on!

    Peter.

    Thread Starter mish99

    (@mish99)

    Thank you Peter. I ended up reinstalling ??

    m

    • This reply was modified 2 years, 4 months ago by mish99.
Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Disable XML-RPC authentication’ is closed to new replies.