XML-RPC and Rest API

  • Resolved akshaya347

    (@akshaya347)


    3 years, 3 months ago

    Hi, you guys are true leaders in WP Security! Thank you so much!

    I wanted to ask that by disabling XML-RPC & WordPress API, will Payment Gateway APIs such as Paypal Express Checkout, Stripe Rest API or etc. become unstable?

    Also, by disabling XML-RPC & WordPress API, social front-end logins such as Google login (By Wp Social Plugin) have an issue?

    Thank you!

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support wfphil

    (@wfphil)

    Hi @akshaya347

    Glad to hear that you are enjoying our plugin.

    If you use any plugins or services that use the WordPress XML-RPC interface then you won’t be able to use either of our plugin options below:

    Require 2FA for XML-RPC call authentication
    Disable XML-RPC authentication

    https://www.wordfence.com/help/login-security/

    The only Wordfence option that relates to WordPress REST API endpoints is the option Disable WordPress application passwords so if you do use WordPress application passwords then you will need to disable this option.

    https://www.wordfence.com/help/firewall/brute-force/#disable-wordpress-application-passwords

    Thread Starter akshaya347

    (@akshaya347)

    Thank you! Also, I have a new issue on my other site. I use Wordfence on it and for the last 12 hours, I am not able to log in to my site. I am the only admin and it says “Your access to this site has been limited by the site owner”.

    I enter my email and I am not receiving any email to unlock it too. I have tried sending emails multiple times, and it’s just not coming. I did check all the folders including junk and spam.

    What can be done here? Can I use cPanel or any other way around?

    Plugin Support wfphil

    (@wfphil)

    Hi @akshaya347

    If the lockout email doesn’t arrive then that suggests that WordPress is unable to reliably send mail and you can ask your hosting provider if they can see why WordPress is unable to send all mail. Please note that Wordfence doesn’t send the email, we use the WordPress mail function to send the email.

    Alternatively, to gain access to your site immediately, you can rename the Wordfence plugin via FTP/SSH or your hosting control panel file manager. If you are not sure what to do your hosting provider may be happy to help.

    Find the Wordfence directory in the file path below and rename the Wordfence directory as below:

    ~/wp-content/plugins/wordfence-disabled

    You will now be able to log in to WordPress.

    You then need to rename the Wordfence directory again to reactivate Wordfence as below:

    ~/wp-content/plugins/wordfence

    At this point, you won’t see Wordfence in the WordPress menu. Click the WordPress Dashboard menu item and you will then see the Wordfence main menu item appear. However, you may need to reactivate Wordfence on the WordPress Plugins page first.

    You can then open the Blocking tab on the Firewall page to look for a block for your IP address and the reason given. If there are a lot of blocks then you can search for your IP address in the list of blocks. You can find your IP address here (note that this detection is not 100% accurate on cellular phone network connections):

    https://whatismyipaddress.com/

    Depending on the reason given for the lockout you can adjust that setting so that it doesn’t happen again. Our recommended settings are in the link below:

    https://www.wordfence.com/help/firewall/brute-force/

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘XML-RPC and Rest API’ is closed to new replies.

Tags