XMLRPC.php needed for offline blogging

  • Hi, i am facing a problem during offline blogging. When we are on trips we make use of offline blogging, so we write our blog items, and upload them when we have solid internet. This week we where testing if all work ok, and we found out the offline blogging did not work, an error blog post webaddress not found, url/xmlrpc.php. First it was bloked by the hosting provider but after alowing my home (permanend ip) the problem was still there, after investigation it was somewhere in the .htaccess file. After testing i found out the issue is the “Optimise Wordfence Firewall” option, when enabled the offline blogging fails.

    Question: is it possible to enable the optimize Wordfence firewall, in such a way there is an exclusion for my ipaddress? it is already whitelisted but seems this part of the firewall ignored the whitelist.

    Regards Eelco

    The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @eelcodegraaff,

    You may need to speak with your host if xmlrpc.php has been blocked/removed by your host by design. Comment and registration spam through XML-RPC is common, so security preferences provided by your host could be a factor here.

    As far as Wordfence is concerned, unchecking the “Disable XML-RPC authentication” checkbox in Wordfence > Login Security > Settings should allow authentication attempts through that file.

    Also ensure you don’t see the following in your .htaccess file, which would block access to this file altogether:

    # Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>

    Thanks,
    Peter.

    Thread Starter eelcodegraaff

    (@eelcodegraaff)

    Thanks for your reaction, i will check the things you suggested. When the optimised firewall is on, the xmlrpc authentication fails, when off it works, with your suggestion i could harden the site better, thanks. And yes indeed, my hosting provider has a firewall that also blocks this function, it will only be opened for my own ip.

    Plugin Support wfpeter

    (@wfpeter)

    Hi again @eelcodegraaff, thanks for getting back to me.

    It might be worth enabling Learning Mode when you wish to use XML-RPC for this purpose as an action may be getting caught by Wordfence as a false-positive. The https://www.wordfence.com/help/firewall/learning-mode/ page will assist you in the first part and also includes a method for allowing blocked action(s) from your Live Traffic page manually.

    However, if you don’t see a Wordfence-branded blocking page or a specific blocked action (when you attempt to submit the post) in your Live Traffic, there’s still a chance the issue could still be linked to host restrictions even if your IP has seemingly been allowed.

    Thanks again,
    Peter.

    Thread Starter eelcodegraaff

    (@eelcodegraaff)

    Hi thanks Peter,

    I did a bit examination more in detail but the issue is hard to grab.

    As solution to get xmlrpc working i disabled the advanced protection and at that moment the posts with livewriter work again. Based on your suggestions i digged into some settings and checked Wordfence > Login Security > Settings? the block login setting was not eabled. I also checked the .htaccess file and it did not contain any blocks on the xmplrpc.php file.

    After this i re-enabled the advanced protection and did some testing, and i was able to post with Learning mode on in the logging i did not see any strange blocks. The firewall does make notes regarding a 404 on the wlwmanifest.xml file. Seems it is not longer there and/or is blocked. No clue what to do with that one.

    The main issue is.. i can’t find why posting works, and after a while when i change settings in the WordFence settings the posting by xmlrpc is blocked again. I can’t find it in the logging.. If i look now i see the access to the xmlrpc.php is allowed. On one hand i am a bit further on the another hand, i have no clear view how to fix this in a solid and permanent way. In fact what i need is a specific firewall rule to allow an ipnr/publisher name combination to access the xmlrpc file for all those actions that are needed to make a blog post externally. This in relation with my ISP that also allows the traffic from my home ip should make me able to do blogposts during trips by vpn without access issues.

    Any clues and suggestions? I dont want to post loginfo in detail in this forum since it is all privacy and security related data.

    Regards

    Eelco

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘XMLRPC.php needed for offline blogging’ is closed to new replies.

Tags